aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/conf.py5
-rwxr-xr-xsrc/manager.py2
-rw-r--r--src/web/controllers/abstract.py46
-rw-r--r--src/web/controllers/article.py23
-rw-r--r--src/web/controllers/feed.py32
-rw-r--r--src/web/controllers/user.py12
-rw-r--r--src/web/export.py2
-rw-r--r--src/web/forms.py45
-rw-r--r--src/web/js/actions/MenuActions.js5
-rw-r--r--src/web/js/actions/MiddlePanelActions.js6
-rw-r--r--src/web/js/actions/RightPanelActions.js8
-rw-r--r--src/web/js/components/MainApp.react.js2
-rw-r--r--src/web/js/components/Menu.react.js25
-rw-r--r--src/web/js/components/MiddlePanel.react.js19
-rw-r--r--src/web/js/components/Navbar.react.js8
-rw-r--r--src/web/js/components/RightPanel.react.js12
-rw-r--r--src/web/js/constants/JarrConstants.js22
-rw-r--r--src/web/js/stores/MenuStore.js25
-rw-r--r--src/web/js/stores/MiddlePanelStore.js46
-rw-r--r--src/web/lib/feed_utils.py14
-rw-r--r--src/web/lib/utils.py4
-rw-r--r--src/web/models/__init__.py8
-rw-r--r--src/web/models/article.py18
-rw-r--r--src/web/models/category.py16
-rw-r--r--src/web/models/feed.py22
-rw-r--r--src/web/models/right_mixin.py54
-rw-r--r--src/web/models/user.py16
-rw-r--r--src/web/templates/admin/dashboard.html6
-rw-r--r--src/web/templates/home.html2
-rw-r--r--src/web/templates/layout.html16
-rw-r--r--src/web/templates/management.html6
-rw-r--r--src/web/views/__init__.py23
-rw-r--r--src/web/views/admin.py114
-rw-r--r--src/web/views/api/__init__.py28
-rw-r--r--src/web/views/api/article.py63
-rw-r--r--src/web/views/api/category.py20
-rw-r--r--src/web/views/api/common.py212
-rw-r--r--src/web/views/api/feed.py60
-rw-r--r--src/web/views/article.py74
-rw-r--r--src/web/views/category.py16
-rw-r--r--src/web/views/common.py53
-rw-r--r--src/web/views/feed.py40
-rw-r--r--src/web/views/home.py156
-rw-r--r--src/web/views/session_mgmt.py92
-rw-r--r--src/web/views/user.py22
-rw-r--r--src/web/views/views.py414
46 files changed, 932 insertions, 982 deletions
diff --git a/src/conf.py b/src/conf.py
index 0fcb330e..f30b5701 100644
--- a/src/conf.py
+++ b/src/conf.py
@@ -9,6 +9,7 @@ import logging
BASE_DIR = os.path.abspath(os.path.dirname(__file__))
PATH = os.path.abspath(".")
+API_ROOT = '/api/v2.0'
# available languages
LANGUAGES = {
@@ -23,6 +24,7 @@ TIME_ZONE = {
ON_HEROKU = int(os.environ.get('HEROKU', 0)) == 1
DEFAULTS = {"platform_url": "https://jarr.herokuapp.com/",
+ "self_registration": "false",
"cdn_address": "",
"admin_email": "root@jarr.localhost",
"postmark_api_key": "",
@@ -45,7 +47,7 @@ DEFAULTS = {"platform_url": "https://jarr.herokuapp.com/",
"host": "0.0.0.0",
"port": "5000",
"crawling_method": "classic",
- "webzine_root": "/tmp",
+ "webzine_root": "~/tmp",
}
if not ON_HEROKU:
@@ -76,6 +78,7 @@ else:
PLATFORM_URL = config.get('misc', 'platform_url')
ADMIN_EMAIL = config.get('misc', 'admin_email')
+SELF_REGISTRATION = config.getboolean('misc', 'self_registration')
RECAPTCHA_PUBLIC_KEY = config.get('misc', 'recaptcha_public_key')
RECAPTCHA_PRIVATE_KEY = config.get('misc',
'recaptcha_private_key')
diff --git a/src/manager.py b/src/manager.py
index e64263f2..14139ec2 100755
--- a/src/manager.py
+++ b/src/manager.py
@@ -64,7 +64,7 @@ def fetch_asyncio(user_id, feed_id):
loop = asyncio.get_event_loop()
for user in users:
- if user.enabled:
+ if user.is_active:
print("Fetching articles for " + user.nickname)
g.user = user
classic_crawler.retrieve_feed(loop, g.user, feed_id)
diff --git a/src/web/controllers/abstract.py b/src/web/controllers/abstract.py
index 828e6a29..2a2e6f9f 100644
--- a/src/web/controllers/abstract.py
+++ b/src/web/controllers/abstract.py
@@ -1,30 +1,29 @@
import logging
-from flask import g
+import dateutil.parser
from bootstrap import db
+from datetime import datetime
+from collections import defaultdict
from sqlalchemy import or_, func
from werkzeug.exceptions import Forbidden, NotFound
logger = logging.getLogger(__name__)
-class AbstractController(object):
+class AbstractController:
_db_cls = None # reference to the database class
_user_id_key = 'user_id'
- def __init__(self, user_id=None):
+ def __init__(self, user_id=None, ignore_context=False):
"""User id is a right management mechanism that should be used to
filter objects in database on their denormalized "user_id" field
(or "id" field for users).
Should no user_id be provided, the Controller won't apply any filter
allowing for a kind of "super user" mode.
"""
- self.user_id = user_id
try:
- if self.user_id is not None \
- and self.user_id != g.user.id and not g.user.is_admin():
- self.user_id = g.user.id
- except RuntimeError: # passing on out of context errors
- pass
+ self.user_id = int(user_id)
+ except TypeError:
+ self.user_id = user_id
def _to_filters(self, **filters):
"""
@@ -83,6 +82,7 @@ class AbstractController(object):
return obj
def create(self, **attrs):
+ assert attrs, "attributes to update must not be empty"
if self._user_id_key is not None and self._user_id_key not in attrs:
attrs[self._user_id_key] = self.user_id
assert self._user_id_key is None or self._user_id_key in attrs \
@@ -98,6 +98,7 @@ class AbstractController(object):
return self._get(**filters)
def update(self, filters, attrs):
+ assert attrs, "attributes to update must not be empty"
result = self._get(**filters).update(attrs, synchronize_session=False)
db.session.commit()
return result
@@ -121,3 +122,30 @@ class AbstractController(object):
return dict(db.session.query(elem_to_group_by, func.count('id'))
.filter(*self._to_filters(**filters))
.group_by(elem_to_group_by).all())
+
+ @classmethod
+ def _get_attrs_desc(cls, role, right=None):
+ result = defaultdict(dict)
+ if role == 'admin':
+ columns = cls._db_cls.__table__.columns.keys()
+ else:
+ assert role in {'base', 'api'}, 'unknown role %r' % role
+ assert right in {'read', 'write'}, \
+ "right must be 'read' or 'write' with role %r" % role
+ columns = getattr(cls._db_cls, 'fields_%s_%s' % (role, right))()
+ for column in columns:
+ result[column] = {}
+ db_col = getattr(cls._db_cls, column).property.columns[0]
+ try:
+ result[column]['type'] = db_col.type.python_type
+ except NotImplementedError:
+ if db_col.default:
+ result[column]['type'] = db_col.default.arg.__class__
+ if column not in result:
+ continue
+ if issubclass(result[column]['type'], datetime):
+ result[column]['default'] = datetime.utcnow()
+ result[column]['type'] = lambda x: dateutil.parser.parse(x)
+ elif db_col.default:
+ result[column]['default'] = db_col.default.arg
+ return result
diff --git a/src/web/controllers/article.py b/src/web/controllers/article.py
index bc9ef36e..37a35023 100644
--- a/src/web/controllers/article.py
+++ b/src/web/controllers/article.py
@@ -6,7 +6,7 @@ from collections import Counter
from bootstrap import db
from .abstract import AbstractController
-from web.controllers import FeedController
+from web.controllers import CategoryController, FeedController
from web.models import Article
logger = logging.getLogger(__name__)
@@ -35,11 +35,12 @@ class ArticleController(AbstractController):
def create(self, **attrs):
# handling special denorm for article rights
- assert 'feed_id' in attrs
+ assert 'feed_id' in attrs, "must provide feed_id when creating article"
feed = FeedController(
attrs.get('user_id', self.user_id)).get(id=attrs['feed_id'])
if 'user_id' in attrs:
- assert feed.user_id == attrs['user_id'] or self.user_id is None
+ assert feed.user_id == attrs['user_id'] or self.user_id is None, \
+ "no right on feed %r" % feed.id
attrs['user_id'], attrs['category_id'] = feed.user_id, feed.category_id
# handling feed's filters
@@ -66,6 +67,17 @@ class ArticleController(AbstractController):
return super().create(**attrs)
+ def update(self, filters, attrs):
+ user_id = attrs.get('user_id', self.user_id)
+ if 'feed_id' in attrs:
+ feed = FeedController().get(id=attrs['feed_id'])
+ assert feed.user_id == user_id, "no right on feed %r" % feed.id
+ attrs['category_id'] = feed.category_id
+ if attrs.get('category_id'):
+ cat = CategoryController().get(id=attrs['category_id'])
+ assert cat.user_id == user_id, "no right on cat %r" % cat.id
+ return super().update(filters, attrs)
+
def get_history(self, year=None, month=None):
"""
Sort articles by year and month.
@@ -84,3 +96,8 @@ class ArticleController(AbstractController):
else:
articles_counter[article.date.year] += 1
return articles_counter, articles
+
+ def read_light(self, **filters):
+ return super().read(**filters).with_entities(Article.id, Article.title,
+ Article.readed, Article.like, Article.feed_id, Article.date,
+ Article.category_id).order_by(Article.date.desc())
diff --git a/src/web/controllers/feed.py b/src/web/controllers/feed.py
index 78caf2e1..a3f5cae7 100644
--- a/src/web/controllers/feed.py
+++ b/src/web/controllers/feed.py
@@ -1,24 +1,3 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -*-
-
-# jarr - A Web based news aggregator.
-# Copyright (C) 2010-2016 Cédric Bonhomme - https://www.cedricbonhomme.org
-#
-# For more information : https://github.com/JARR-aggregator/JARR/
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
import logging
import itertools
from datetime import datetime, timedelta
@@ -26,7 +5,7 @@ from datetime import datetime, timedelta
import conf
from .abstract import AbstractController
from .icon import IconController
-from web.models import Feed
+from web.models import User, Feed
from web.lib.utils import clear_string
logger = logging.getLogger(__name__)
@@ -43,11 +22,12 @@ class FeedController(AbstractController):
return [feed for feed in self.read(
error_count__lt=max_error, enabled=True,
last_retrieved__lt=max_last)
+ .join(User).filter(User.is_active == True)
.order_by('last_retrieved')
.limit(limit)]
- def list_fetchable(self, max_error=DEFAULT_MAX_ERROR, limit=DEFAULT_LIMIT,
- refresh_rate=DEFAULT_REFRESH_RATE):
+ def list_fetchable(self, max_error=DEFAULT_MAX_ERROR,
+ limit=DEFAULT_LIMIT, refresh_rate=DEFAULT_REFRESH_RATE):
now = datetime.now()
max_last = now - timedelta(minutes=refresh_rate)
feeds = self.list_late(max_last, max_error, limit)
@@ -104,7 +84,9 @@ class FeedController(AbstractController):
def update(self, filters, attrs):
from .article import ArticleController
self._ensure_icon(attrs)
- if 'category_id' in attrs:
+ if 'category_id' in attrs and attrs['category_id'] == 0:
+ del attrs['category_id']
+ elif 'category_id' in attrs:
art_contr = ArticleController(self.user_id)
for feed in self.read(**filters):
art_contr.update({'feed_id': feed.id},
diff --git a/src/web/controllers/user.py b/src/web/controllers/user.py
index ae169b05..1b5c123e 100644
--- a/src/web/controllers/user.py
+++ b/src/web/controllers/user.py
@@ -1,9 +1,10 @@
-import random
-import hashlib
-from werkzeug import generate_password_hash
+import logging
+from werkzeug import generate_password_hash, check_password_hash
from .abstract import AbstractController
from web.models import User
+logger = logging.getLogger(__name__)
+
class UserController(AbstractController):
_db_cls = User
@@ -11,10 +12,13 @@ class UserController(AbstractController):
def _handle_password(self, attrs):
if attrs.get('password'):
- attrs['pwdhash'] = generate_password_hash(attrs.pop('password'))
+ attrs['password'] = generate_password_hash(attrs.pop('password'))
elif 'password' in attrs:
del attrs['password']
+ def check_password(self, user, password):
+ return check_password_hash(user.pwdhash, password)
+
def create(self, **attrs):
self._handle_password(attrs)
return super().create(**attrs)
diff --git a/src/web/export.py b/src/web/export.py
index 220f8a42..41ee839c 100644
--- a/src/web/export.py
+++ b/src/web/export.py
@@ -139,7 +139,7 @@ def export_html(user):
"""
Export all articles of 'user' in Web pages.
"""
- webzine_root = conf.WEBZINE_ROOT + "webzine/"
+ webzine_root = conf.WEBZINE_ROOT + "/webzine/"
nb_articles = format(len(models.Article.query.filter(models.Article.user_id == user.id).all()), ",d")
index = HTML_HEADER("News archive")
index += "<h1>List of feeds</h1>\n"
diff --git a/src/web/forms.py b/src/web/forms.py
index b17d2f7a..bf321ae3 100644
--- a/src/web/forms.py
+++ b/src/web/forms.py
@@ -30,12 +30,14 @@ __license__ = "GPLv3"
from flask import flash, url_for, redirect
from flask.ext.wtf import Form
from flask.ext.babel import lazy_gettext
+from werkzeug.exceptions import NotFound
from wtforms import TextField, TextAreaField, PasswordField, BooleanField, \
SubmitField, IntegerField, SelectField, validators, HiddenField
from flask.ext.wtf.html5 import EmailField
from flask_wtf import RecaptchaField
from web import utils
+from web.controllers import UserController
from web.models import User
@@ -52,15 +54,16 @@ class SignupForm(Form):
password = PasswordField(lazy_gettext("Password"),
[validators.Required(lazy_gettext("Please enter a password.")),
validators.Length(min=6, max=100)])
- recaptcha = RecaptchaField()
submit = SubmitField(lazy_gettext("Sign up"))
def validate(self):
- validated = super(SignupForm, self).validate()
- if self.nickname.data != User.make_valid_nickname(self.nickname.data):
- self.nickname.errors.append(lazy_gettext(
- 'This nickname has invalid characters. '
- 'Please use letters, numbers, dots and underscores only.'))
+ ucontr = UserController()
+ validated = super().validate()
+ if ucontr.read(login=self.login.data).count():
+ self.login.errors.append('Login already taken')
+ validated = False
+ if self.password.data != self.password_conf.data:
+ self.password_conf.errors.append("Passwords don't match")
validated = False
return validated
@@ -94,19 +97,27 @@ class SigninForm(RedirectForm):
validators.Length(min=6, max=100)])
submit = SubmitField(lazy_gettext("Log In"))
- def validate(self):
- if not super(SigninForm, self).validate():
- return False
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.user = None
- user = User.query.filter(User.email == self.email.data).first()
- if user and user.check_password(self.password.data) and user.enabled:
- return True
- elif user and not user.enabled:
- flash(lazy_gettext('Account not confirmed'), 'danger')
- return False
+ def validate(self):
+ validated = super().validate()
+ ucontr = UserController()
+ try:
+ user = ucontr.get(email=self.email.data)
+ except NotFound:
+ self.email.errors.append('Wrong login')
+ validated = False
else:
- flash(lazy_gettext('Invalid email or password'), 'danger')
- return False
+ if not user.is_active:
+ self.email.errors.append('User is desactivated')
+ validated = False
+ if not ucontr.check_password(user, self.password.data):
+ self.password.errors.append('Wrong password')
+ validated = False
+ self.user = user
+ return validated
class UserForm(Form):
diff --git a/src/web/js/actions/MenuActions.js b/src/web/js/actions/MenuActions.js
index b9154581..824610d8 100644
--- a/src/web/js/actions/MenuActions.js
+++ b/src/web/js/actions/MenuActions.js
@@ -5,7 +5,7 @@ var jquery = require('jquery');
var MenuActions = {
// PARENT FILTERS
- reload: function() {
+ reload: function(setFilterFunc, id) {
jquery.getJSON('/menu', function(payload) {
JarrDispatcher.dispatch({
type: ActionTypes.RELOAD_MENU,
@@ -18,6 +18,9 @@ var MenuActions = {
crawling_method: payload.crawling_method,
all_unread_count: payload.all_unread_count,
});
+ if(setFilterFunc && id) {
+ setFilterFunc(id);
+ }
});
},
setFilter: function(filter) {
diff --git a/src/web/js/actions/MiddlePanelActions.js b/src/web/js/actions/MiddlePanelActions.js
index f805b7b1..3704e7ec 100644
--- a/src/web/js/actions/MiddlePanelActions.js
+++ b/src/web/js/actions/MiddlePanelActions.js
@@ -140,11 +140,9 @@ var MiddlePanelActions = {
data: JSON.stringify(filters),
url: "/mark_all_as_read",
success: function (payload) {
+ console.log(payload);
JarrDispatcher.dispatch({
- type: ActionTypes.CHANGE_ATTR,
- attribute: 'read',
- value_num: -1,
- value_bool: true,
+ type: ActionTypes.MARK_ALL_AS_READ,
articles: payload.articles,
});
},
diff --git a/src/web/js/actions/RightPanelActions.js b/src/web/js/actions/RightPanelActions.js
index 47adad79..5d78e001 100644
--- a/src/web/js/actions/RightPanelActions.js
+++ b/src/web/js/actions/RightPanelActions.js
@@ -4,8 +4,12 @@ var ActionTypes = require('../constants/JarrConstants');
var MenuActions = require('../actions/MenuActions');
var RightPanelActions = {
- loadArticle: function(article_id, was_read_before) {
- jquery.getJSON('/getart/' + article_id,
+ loadArticle: function(article_id, was_read_before, to_parse) {
+ var suffix = '';
+ if(to_parse) {
+ suffix = '/parse';
+ }
+ jquery.getJSON('/getart/' + article_id + suffix,
function(payload) {
JarrDispatcher.dispatch({
type: ActionTypes.LOAD_ARTICLE,
diff --git a/src/web/js/components/MainApp.react.js b/src/web/js/components/MainApp.react.js
index cbdc5833..ffb14589 100644
--- a/src/web/js/components/MainApp.react.js
+++ b/src/web/js/components/MainApp.react.js
@@ -15,7 +15,7 @@ var MainApp = React.createClass({
<Grid fluid id="jarr-container">
<Menu />
<Col id="middle-panel" mdOffset={3} lgOffset={2}
- xs={4} sm={4} md={4} lg={4}>
+ xs={12} sm={4} md={4} lg={4}>
<MiddlePanel.MiddlePanelFilter />
<MiddlePanel.MiddlePanel />
</Col>
diff --git a/src/web/js/components/Menu.react.js b/src/web/js/components/Menu.react.js
index 60578f8a..4537ee81 100644
--- a/src/web/js/components/Menu.react.js
+++ b/src/web/js/components/Menu.react.js
@@ -84,13 +84,15 @@ var CategoryGroup = React.createClass({
name: React.PropTypes.string.isRequired,
feeds: React.PropTypes.array.isRequired,
unread: React.PropTypes.number.isRequired,
- folded: React.PropTypes.bool.isRequired,
+ folded: React.PropTypes.bool,
},
getInitialState: function() {
- return {folded: this.props.folded};
+ return {folded: false};
},
componentWillReceiveProps: function(nextProps) {
- this.setState({folded: nextProps.folded});
+ if(nextProps.folded != null) {
+ this.setState({folded: nextProps.folded});
+ }
},
render: function() {
// hidden the no category if empty
@@ -265,7 +267,22 @@ var Menu = React.createClass({
);
},
componentDidMount: function() {
- MenuActions.reload();
+ var setFilterFunc = null;
+ var id = null;
+ if(window.location.search.substring(1)) {
+ var args = window.location.search.substring(1).split('&');
+ args.map(function(arg) {
+ if (arg.split('=')[0] == 'at' && arg.split('=')[1] == 'c') {
+ setFilterFunc = MiddlePanelActions.setCategoryFilter;
+ } else if (arg.split('=')[0] == 'at' && arg.split('=')[1] == 'f') {
+ setFilterFunc = MiddlePanelActions.setFeedFilter;
+
+ } else if (arg.split('=')[0] == 'ai') {
+ id = parseInt(arg.split('=')[1]);
+ }
+ });
+ }
+ MenuActions.reload(setFilterFunc, id);
MenuStore.addChangeListener(this._onChange);
},
componentWillUnmount: function() {
diff --git a/src/web/js/components/MiddlePanel.react.js b/src/web/js/components/MiddlePanel.react.js
index dad33acc..f6e44777 100644
--- a/src/web/js/components/MiddlePanel.react.js
+++ b/src/web/js/components/MiddlePanel.react.js
@@ -35,7 +35,8 @@ var TableLine = React.createClass({
icon = <Glyphicon glyph="ban-circle" />;
}
var title = (<a href={'/article/redirect/' + this.props.article_id}
- onClick={this.openRedirectLink}>
+ onClick={this.openRedirectLink} target="_blank"
+ title={this.props.feed_title}>
{icon} {this.props.feed_title}
</a>);
var read = (<Glyphicon glyph={this.state.read?"check":"unchecked"}
@@ -43,21 +44,17 @@ var TableLine = React.createClass({
var liked = (<Glyphicon glyph={this.state.liked?"star":"star-empty"}
onClick={this.toogleLike} />);
icon = <Glyphicon glyph={"new-window"} />;
- var newTab = (<a href={'/article/redirect/' + this.props.article_id}
- onClick={this.openRedirectLink} target="_blank">
- {icon}
- </a>);
var clsses = "list-group-item";
if(this.props.selected) {
clsses += " active";
}
// FIXME https://github.com/yahoo/react-intl/issues/189
// use FormattedRelative when fixed, will have to upgrade to ReactIntlv2
- return (<div className={clsses} onClick={this.loadArticle}>
+ return (<div className={clsses} onClick={this.loadArticle} title={this.props.title}>
<h5><strong>{title}</strong></h5>
<JarrTime text={this.props.date}
stamp={this.props.timestamp} />
- <div>{read} {liked} {newTab} {this.props.title}</div>
+ <div>{read} {liked} {this.props.title}</div>
</div>
);
},
@@ -81,7 +78,7 @@ var TableLine = React.createClass({
evnt.stopPropagation();
},
loadArticle: function() {
- this.setState({active: true, read: true}, function() {
+ this.setState({selected: true, read: true}, function() {
RightPanelActions.loadArticle(
this.props.article_id, this.props.read);
}.bind(this));
@@ -232,7 +229,11 @@ var MiddlePanel = React.createClass({
return (<Row className="show-grid">
<div className="list-group">
{this.state.articles.map(function(article){
- return (<TableLine key={"a" + article.article_id}
+ var key = "a" + article.article_id;
+ if(article.read) {key+="r";}
+ if(article.liked) {key+="l";}
+ if(article.selected) {key+="s";}
+ return (<TableLine key={key}
title={article.title}
icon_url={article.icon_url}
read={article.read}
diff --git a/src/web/js/components/Navbar.react.js b/src/web/js/components/Navbar.react.js
index 08716977..67e9ed56 100644
--- a/src/web/js/components/Navbar.react.js
+++ b/src/web/js/components/Navbar.react.js
@@ -38,13 +38,13 @@ JarrNavBar = React.createClass({
if(this.state.modalType == 'addFeed') {
heading = 'Add a new feed';
action = '/feed/bookmarklet';
- placeholder = "Site or feed url, we'll sort it out later ;)";
+ placeholder = "Site or feed url";
body = <Input name="url" type="text" placeholder={placeholder} />;
} else {
heading = 'Add a new category';
action = '/category/create';
body = <Input name="name" type="text"
- placeholder="Name, there isn't much more to it" />;
+ placeholder="Name" />;
}
return (<Modal show={this.state.showModal} onHide={this.close}>
<form action={action} method="POST">
@@ -70,7 +70,7 @@ JarrNavBar = React.createClass({
this.setState({showModal: true, modalType: 'addCategory'});
},
render: function() {
- return (<Navbar fixedTop inverse id="jarrnav">
+ return (<Navbar fixedTop inverse id="jarrnav" fluid staticTop={true}>
{this.getModal()}
<Navbar.Header>
<Navbar.Brand>
@@ -78,6 +78,7 @@ JarrNavBar = React.createClass({
</Navbar.Brand>
<Navbar.Toggle />
</Navbar.Header>
+ <Navbar.Collapse>
<Nav pullRight>
{this.buttonFetch()}
<NavItem className="jarrnavitem"
@@ -116,6 +117,7 @@ JarrNavBar = React.createClass({
</MenuItem>
</NavDropdown>
</Nav>
+ </Navbar.Collapse>
</Navbar>
);
},
diff --git a/src/web/js/components/RightPanel.react.js b/src/web/js/components/RightPanel.react.js
index 39b06f38..97a7c461 100644
--- a/src/web/js/components/RightPanel.react.js
+++ b/src/web/js/components/RightPanel.react.js
@@ -172,10 +172,10 @@ var Article = React.createClass({
getBody: function() {
return (<div className="panel-body">
{this.getCore()}
- <div dangerouslySetInnerHTML={
+ <div id="article-content" dangerouslySetInnerHTML={
{__html: this.props.obj.content}} />
</div>);
- },
+ }
});
var Feed = React.createClass({
@@ -317,8 +317,6 @@ var Feed = React.createClass({
<dd><JarrTime stamp={this.props.obj.last_stamp}
text={this.props.obj.last_retrieved} />
</dd>
- <dt>Number of articles</dt>
- <dd>{this.props.obj.nb_articles}</dd>
</dl>
{this.getErrorFields()}
{this.getCategorySelect()}
@@ -423,9 +421,9 @@ var RightPanel = React.createClass({
key={this.state.category.id} />);
}
- return (<Col id="right-panel" xsOffset={4} smOffset={4}
- mdOffset={7} lgOffset={6}
- xs={8} sm={8} md={5} lg={6}>
+ return (<Col id="right-panel" xsHidden
+ smOffset={4} mdOffset={7} lgOffset={6}
+ sm={8} md={5} lg={6}>
{breadcrum}
{cntnt}
</Col>
diff --git a/src/web/js/constants/JarrConstants.js b/src/web/js/constants/JarrConstants.js
index 0ea42aad..78e8bf04 100644
--- a/src/web/js/constants/JarrConstants.js
+++ b/src/web/js/constants/JarrConstants.js
@@ -1,23 +1,13 @@
-/*
- * Copyright (c) 2014-2015, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed under the BSD-style license found in the
- * LICENSE file in the root directory of this source tree. An additional grant
- * of patent rights can be found in the PATENTS file in the same directory.
- *
- * TodoConstants
- */
-
var keyMirror = require('keymirror');
module.exports = keyMirror({
TOGGLE_MENU_FOLD: null,
RELOAD_MENU: null,
- PARENT_FILTER: null,
- MENU_FILTER: null,
- CHANGE_ATTR: null,
+ PARENT_FILTER: null, // set a feed or a category as filter in menu
+ MENU_FILTER: null, // change displayed feed in the menu
+ CHANGE_ATTR: null, // edit an attr on an article (like / read)
RELOAD_MIDDLE_PANEL: null,
- MIDDLE_PANEL_FILTER: null,
- LOAD_ARTICLE: null,
+ MIDDLE_PANEL_FILTER: null, // set a filter (read/like/all)
+ LOAD_ARTICLE: null, // load a single article in right panel
+ MARK_ALL_AS_READ: null,
});
diff --git a/src/web/js/stores/MenuStore.js b/src/web/js/stores/MenuStore.js
index 49c61bc1..1cbbbda7 100644
--- a/src/web/js/stores/MenuStore.js
+++ b/src/web/js/stores/MenuStore.js
@@ -17,6 +17,7 @@ var MenuStore = assign({}, EventEmitter.prototype, {
setFilter: function(value) {
if(this._datas.filter != value) {
this._datas.filter = value;
+ this._datas.all_folded = null;
this.emitChange();
}
},
@@ -24,12 +25,10 @@ var MenuStore = assign({}, EventEmitter.prototype, {
if(this._datas.active_id != value || this._datas.active_type != type) {
this._datas.active_type = type;
this._datas.active_id = value;
+ this._datas.all_folded = null;
this.emitChange();
}
},
- readFeedArticle: function(feed_id) {
- // TODO
- },
emitChange: function() {
this.emit(CHANGE_EVENT);
},
@@ -53,6 +52,7 @@ MenuStore.dispatchToken = JarrDispatcher.register(function(action) {
MenuStore._datas['error_threshold'] = action.error_threshold;
MenuStore._datas['crawling_method'] = action.crawling_method;
MenuStore._datas['all_unread_count'] = action.all_unread_count;
+ MenuStore._datas.all_folded = null;
MenuStore.emitChange();
break;
case ActionTypes.PARENT_FILTER:
@@ -81,10 +81,10 @@ MenuStore.dispatchToken = JarrDispatcher.register(function(action) {
MenuStore._datas.categories[cat_id].unread += new_unread[feed_id];
}
if(changed) {
+ MenuStore._datas.all_folded = null;
MenuStore.emitChange();
}
}
-
break;
case ActionTypes.MENU_FILTER:
MenuStore.setFilter(action.filter);
@@ -98,18 +98,35 @@ MenuStore.dispatchToken = JarrDispatcher.register(function(action) {
MenuStore._datas.categories[article.category_id].unread += val;
MenuStore._datas.feeds[article.feed_id].unread += val;
});
+ MenuStore._datas.all_folded = null;
MenuStore.emitChange();
break;
case ActionTypes.LOAD_ARTICLE:
if(!action.was_read_before) {
MenuStore._datas.categories[action.article.category_id].unread -= 1;
MenuStore._datas.feeds[action.article.feed_id].unread -= 1;
+ MenuStore._datas.all_folded = null;
MenuStore.emitChange();
}
break;
case ActionTypes.TOGGLE_MENU_FOLD:
MenuStore._datas.all_folded = action.all_folded;
MenuStore.emitChange();
+ break;
+ case ActionTypes.MARK_ALL_AS_READ:
+ action.articles.map(function(art) {
+ if(!art.read) {
+ MenuStore._datas.feeds[art.feed_id].unread -= 1;
+ if(art.category_id) {
+ MenuStore._datas.categories[art.category_id].unread -= 1;
+
+ }
+ }
+ });
+
+ MenuStore._datas.all_folded = null;
+ MenuStore.emitChange();
+ break;
default:
// do nothing
}
diff --git a/src/web/js/stores/MiddlePanelStore.js b/src/web/js/stores/MiddlePanelStore.js
index 4a5efd00..c554f929 100644
--- a/src/web/js/stores/MiddlePanelStore.js
+++ b/src/web/js/stores/MiddlePanelStore.js
@@ -82,20 +82,18 @@ var MiddlePanelStore = assign({}, EventEmitter.prototype, {
MiddlePanelStore.dispatchToken = JarrDispatcher.register(function(action) {
var changed = false;
- switch(action.type) {
- case ActionTypes.RELOAD_MIDDLE_PANEL:
- changed = MiddlePanelStore.registerFilter(action);
- changed = MiddlePanelStore.setArticles(action.articles) || changed;
- break;
- case ActionTypes.PARENT_FILTER:
- changed = MiddlePanelStore.registerFilter(action);
- changed = MiddlePanelStore.setArticles(action.articles) || changed;
- break;
- case ActionTypes.MIDDLE_PANEL_FILTER:
- changed = MiddlePanelStore.registerFilter(action);
- changed = MiddlePanelStore.setArticles(action.articles) || changed;
- break;
- case ActionTypes.CHANGE_ATTR:
+ if (action.type == ActionTypes.RELOAD_MIDDLE_PANEL
+ || action.type == ActionTypes.PARENT_FILTER
+ || action.type == ActionTypes.MIDDLE_PANEL_FILTER) {
+ changed = MiddlePanelStore.registerFilter(action);
+ changed = MiddlePanelStore.setArticles(action.articles) || changed;
+ } else if (action.type == ActionTypes.MARK_ALL_AS_READ) {
+ changed = MiddlePanelStore.registerFilter(action);
+ for(var i in action.articles) {
+ action.articles[i].read = true;
+ }
+ changed = MiddlePanelStore.setArticles(action.articles) || changed;
+ } else if (action.type == ActionTypes.CHANGE_ATTR) {
var attr = action.attribute;
var val = action.value_bool;
action.articles.map(function(article) {
@@ -112,19 +110,15 @@ MiddlePanelStore.dispatchToken = JarrDispatcher.register(function(action) {
}
}
});
- break;
- case ActionTypes.LOAD_ARTICLE:
- changed = true;
- MiddlePanelStore._datas.selected_article = action.article.id;
- for (var i in MiddlePanelStore._datas.articles) {
- if(MiddlePanelStore._datas.articles[i].article_id == action.article.id) {
- MiddlePanelStore._datas.articles[i].read = true;
- break;
- }
+ } else if (action.type == ActionTypes.LOAD_ARTICLE) {
+ changed = true;
+ MiddlePanelStore._datas.selected_article = action.article.id;
+ for (var i in MiddlePanelStore._datas.articles) {
+ if(MiddlePanelStore._datas.articles[i].article_id == action.article.id) {
+ MiddlePanelStore._datas.articles[i].read = true;
+ break;
}
- break;
- default:
- // pass
+ }
}
if(changed) {MiddlePanelStore.emitChange();}
});
diff --git a/src/web/lib/feed_utils.py b/src/web/lib/feed_utils.py
index 80800bec..9925613f 100644
--- a/src/web/lib/feed_utils.py
+++ b/src/web/lib/feed_utils.py
@@ -1,3 +1,4 @@
+import html
import urllib
import logging
import requests
@@ -17,6 +18,19 @@ def is_parsing_ok(parsed_feed):
return parsed_feed['entries'] or not parsed_feed['bozo']
+def escape_keys(*keys):
+ def wrapper(func):
+ def metawrapper(*args, **kwargs):
+ result = func(*args, **kwargs)
+ for key in keys:
+ if key in result:
+ result[key] = html.unescape(result[key])
+ return result
+ return metawrapper
+ return wrapper
+
+
+@escape_keys('title', 'description')
def construct_feed_from(url=None, fp_parsed=None, feed=None, query_site=True):
requests_kwargs = {'headers': {'User-Agent': USER_AGENT}, 'verify': False}
if url is None and fp_parsed is not None:
diff --git a/src/web/lib/utils.py b/src/web/lib/utils.py
index 88d24ba5..f2bed3ff 100644
--- a/src/web/lib/utils.py
+++ b/src/web/lib/utils.py
@@ -9,12 +9,12 @@ from flask import request, url_for
logger = logging.getLogger(__name__)
-def default_handler(obj):
+def default_handler(obj, role='admin'):
"""JSON handler for default query formatting"""
if hasattr(obj, 'isoformat'):
return obj.isoformat()
if hasattr(obj, 'dump'):
- return obj.dump()
+ return obj.dump(role=role)
if isinstance(obj, (set, frozenset, types.GeneratorType)):
return list(obj)
if isinstance(obj, BaseException):
diff --git a/src/web/models/__init__.py b/src/web/models/__init__.py
index d9489dbb..7c50cab3 100644
--- a/src/web/models/__init__.py
+++ b/src/web/models/__init__.py
@@ -88,17 +88,13 @@ def db_create(db):
"Will create the database from conf parameters."
db.create_all()
- role_admin = Role(name="admin")
- role_user = Role(name="user")
-
user1 = User(nickname="admin",
email=os.environ.get("ADMIN_EMAIL",
"root@jarr.localhost"),
pwdhash=generate_password_hash(
os.environ.get("ADMIN_PASSWORD", "password")),
- enabled=True)
- user1.roles.extend([role_admin, role_user])
+ is_admin=True)
db.session.add(user1)
db.session.commit()
- return role_admin, role_user
+ return user1
diff --git a/src/web/models/article.py b/src/web/models/article.py
index 1fee7096..d3c0bed2 100644
--- a/src/web/models/article.py
+++ b/src/web/models/article.py
@@ -29,9 +29,10 @@ __license__ = "GPLv3"
from bootstrap import db
from datetime import datetime
from sqlalchemy import asc, desc
+from web.models.right_mixin import RightMixin
-class Article(db.Model):
+class Article(db.Model, RightMixin):
"Represent an article from a feed."
id = db.Column(db.Integer(), primary_key=True)
entry_id = db.Column(db.String())
@@ -68,18 +69,3 @@ class Article(db.Model):
return "<Article(id=%d, entry_id=%s, title=%r, " \
"date=%r, retrieved_date=%r)>" % (self.id, self.entry_id,
self.title, self.date, self.retrieved_date)
-
- def dump(self):
- return {"id": self.id,
- "user_id": self.user_id,
- "entry_id": self.entry_id,
- "title": self.title,
- "link": self.link,
- "content": self.content,
- "readed": self.readed,
- "like": self.like,
- "date": self.date,
- "updated_date": self.updated_date,
- "retrieved_date": self.retrieved_date,
- "feed_id": self.feed_id,
- "category_id": self.category_id}
diff --git a/src/web/models/category.py b/src/web/models/category.py
index 78054809..c35db52e 100644
--- a/src/web/models/category.py
+++ b/src/web/models/category.py
@@ -1,11 +1,21 @@
from bootstrap import db
+from sqlalchemy import Index
+from web.models.right_mixin import RightMixin
-class Category(db.Model):
+class Category(db.Model, RightMixin):
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String())
user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
- def dump(self):
- return {key: getattr(self, key) for key in ('id', 'name', 'user_id')}
+ idx_category_uid = Index('user_id')
+
+ # api whitelists
+ @staticmethod
+ def _fields_base_read():
+ return {'id', 'user_id'}
+
+ @staticmethod
+ def _fields_base_write():
+ return {'name'}
diff --git a/src/web/models/feed.py b/src/web/models/feed.py
index cb78f7ad..ba9255e9 100644
--- a/src/web/models/feed.py
+++ b/src/web/models/feed.py
@@ -29,9 +29,10 @@ __license__ = "GPLv3"
from bootstrap import db
from datetime import datetime
from sqlalchemy import desc
+from web.models.right_mixin import RightMixin
-class Feed(db.Model):
+class Feed(db.Model, RightMixin):
"""
Represent a feed.
"""
@@ -63,22 +64,3 @@ class Feed(db.Model):
def __repr__(self):
return '<Feed %r>' % (self.title)
-
- def dump(self):
- return {"id": self.id,
- "user_id": self.user_id,
- "category_id": self.category_id,
- "title": self.title,
- "description": self.description,
- "link": self.link,
- "site_link": self.site_link,
- "etag": self.etag,
- "enabled": self.enabled,
- "filters": self.filters,
- "icon_url": self.icon_url,
- "error_count": self.error_count,
- "last_error": self.last_error,
- "created_date": self.created_date,
- "last_modified": self.last_modified,
- "last_retrieved": self.last_retrieved,
- "nb_articles": self.articles.count()}
diff --git a/src/web/models/right_mixin.py b/src/web/models/right_mixin.py
new file mode 100644
index 00000000..c4d92008
--- /dev/null
+++ b/src/web/models/right_mixin.py
@@ -0,0 +1,54 @@
+class RightMixin:
+
+ @staticmethod
+ def _fields_base_write():
+ return {}
+
+ @staticmethod
+ def _fields_base_read():
+ return {'id'}
+
+ @staticmethod
+ def _fields_api_write():
+ return {}
+
+ @staticmethod
+ def _fields_api_read():
+ return {'id'}
+
+ @classmethod
+ def fields_base_write(cls):
+ return cls._fields_base_write()
+
+ @classmethod
+ def fields_base_read(cls):
+ return cls._fields_base_write().union(cls._fields_base_read())
+
+ @classmethod
+ def fields_api_write(cls):
+ return cls.fields_base_write().union(cls._fields_api_write())
+
+ @classmethod
+ def fields_api_read(cls):
+ return cls.fields_base_read().union(cls._fields_api_read())
+
+ def __getitem__(self, key):
+ if not hasattr(self, '__dump__'):
+ self.__dump__ = {}
+ return self.__dump__.get(key)
+
+ def __setitem__(self, key, value):
+ if not hasattr(self, '__dump__'):
+ self.__dump__ = {}
+ self.__dump__[key] = value
+
+ def dump(self, role='admin'):
+ if role == 'admin':
+ dico = {k: getattr(self, k) for k in self.__table__.columns.keys()}
+ elif role == 'api':
+ dico = {k: getattr(self, k) for k in self.fields_api_read()}
+ else:
+ dico = {k: getattr(self, k) for k in self.fields_base_read()}
+ if hasattr(self, '__dump__'):
+ dico.update(self.__dump__)
+ return dico
diff --git a/src/web/models/user.py b/src/web/models/user.py
index 1a276f7e..133901a5 100644
--- a/src/web/models/user.py
+++ b/src/web/models/user.py
@@ -34,9 +34,10 @@ from werkzeug import check_password_hash
from flask.ext.login import UserMixin
from bootstrap import db
+from web.models.right_mixin import RightMixin
-class User(db.Model, UserMixin):
+class User(db.Model, UserMixin, RightMixin):
"""
Represent a user.
"""
@@ -44,14 +45,17 @@ class User(db.Model, UserMixin):
nickname = db.Column(db.String(), unique=True)
email = db.Column(db.String(254), index=True, unique=True)
pwdhash = db.Column(db.String())
- roles = db.relationship('Role', backref='user', lazy='dynamic')
- enabled = db.Column(db.Boolean(), default=False)
date_created = db.Column(db.DateTime(), default=datetime.now)
last_seen = db.Column(db.DateTime(), default=datetime.now)
feeds = db.relationship('Feed', backref='subscriber', lazy='dynamic',
cascade='all,delete-orphan')
refresh_rate = db.Column(db.Integer, default=60) # in minutes
+ # user rights
+ is_active = db.Column(db.Boolean(), default=True)
+ is_admin = db.Column(db.Boolean(), default=False)
+ is_api = db.Column(db.Boolean(), default=False)
+
@staticmethod
def make_valid_nickname(nickname):
return re.sub('[^a-zA-Z0-9_\.]', '', nickname)
@@ -68,12 +72,6 @@ class User(db.Model, UserMixin):
"""
return check_password_hash(self.pwdhash, password)
- def is_admin(self):
- """
- Return True if the user has administrator rights.
- """
- return "admin" in [role.name for role in self.roles]
-
def __eq__(self, other):
return self.id == other.id
diff --git a/src/web/templates/admin/dashboard.html b/src/web/templates/admin/dashboard.html
index 57b20bb5..d6e53526 100644
--- a/src/web/templates/admin/dashboard.html
+++ b/src/web/templates/admin/dashboard.html
@@ -17,7 +17,7 @@
</tr>
</thead>
<tbody>
- {% for user in users|sort(attribute="last_seen")|reverse %}
+ {% for user in users %}
<tr {% if not user.enabled %}class="warning"{% endif %}>
<td>{{ loop.index }}</td>
<td>{{ user.nickname }}{% if user.id == current_user.id %} (It's you!){% endif %}</td>
@@ -25,7 +25,7 @@
<td class="date">{{ user.date_created | datetime }}</td>
<td class="date">{{ user.last_seen | datetime }}</td>
<td>
- <a href="{{ url_for("admin.user_form", user_id=user.id) }}"><i class="glyphicon glyphicon-edit" title="{{ _('Edit this user') }}"></i></a>
+ <a href="{{ url_for("admin.user", user_id=user.id) }}"><i class="glyphicon glyphicon-edit" title="{{ _('Edit this user') }}"></i></a>
{% if user.id != current_user.id %}
<a href="{{ url_for("admin.toggle_user", user_id=user.id) }}">
{% if user.enabled %}
@@ -34,7 +34,7 @@
<i class="glyphicon glyphicon-ok-circle" title="{{ _("Enable this account") }}"></i>
{% endif %}
</a>
- <a href="{{ url_for("admin.delete_user", user_id=user.id) }}"><i class="glyphicon glyphicon-remove" title="{{ _('Delete this user') }}" onclick="return confirm('{{ _('You are going to delete this account.') }}');"></i></a>
+ <a href="{{ url_for("admin.toggle_user", user_id=user.id) }}"><i class="glyphicon glyphicon-remove" title="{{ _('Delete this user') }}" onclick="return confirm('{{ _('You are going to delete this account.') }}');"></i></a>
{% endif %}
</td>
</tr>
diff --git a/src/web/templates/home.html b/src/web/templates/home.html
index fcb2a042..155742c5 100644
--- a/src/web/templates/home.html
+++ b/src/web/templates/home.html
@@ -7,7 +7,7 @@
<meta name="description" content="JARR is a web-based news aggregator." />
<meta name="author" content="" />
<title>JARR{% if head_titles %} - {{ ' - '.join(head_titles) }}{% endif %}</title>
- <link rel="shortcut icon" href="{{ url_for("static", filename="img/favicon.png") }}" />
+ <link rel="shortcut icon" href="{{ url_for("static", filename="img/favicon.ico") }}" />
<!-- Add custom CSS here -->
<link href="{{ url_for("static", filename="css/customized-bootstrap.css") }}" rel="stylesheet" media="screen" />
<link href="{{ url_for("static", filename="css/one-page-app.css") }}" rel="stylesheet" media="screen" />
diff --git a/src/web/templates/layout.html b/src/web/templates/layout.html
index feb370e3..50f96e8f 100644
--- a/src/web/templates/layout.html
+++ b/src/web/templates/layout.html
@@ -7,12 +7,12 @@
<meta name="description" content="JARR is a web-based news aggregator." />
<meta name="author" content="" />
<title>JARR{% if head_titles %} - {{ ' - '.join(head_titles) }}{% endif %}</title>
- <link rel="shortcut icon" href="{{ url_for("static", filename="img/favicon.png") }}" />
+ <link rel="shortcut icon" href="{{ url_for("static", filename="img/favicon.ico") }}" />
<!-- Bootstrap core CSS -->
<link href="{{ url_for("static", filename="css/bootstrap.min.css") }}" rel="stylesheet" media="screen" />
<!-- Add custom CSS here -->
<link href="{{ url_for("static", filename="css/customized-bootstrap.css") }}" rel="stylesheet" media="screen" />
- {% endblock %}
+ {% endblock %}
</head>
<body>
<nav id="jarrnav" class="navbar navbar-inverse navbar-fixed-top" role="navigation">
@@ -35,7 +35,7 @@
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse navbar-ex1-collapse">
<ul class="nav navbar-nav navbar-right">
- {% if g.user.is_authenticated %}
+ {% if current_user.is_authenticated %}
<!-- <li><a href="{{ url_for("feed.form") }}"><span class="glyphicon glyphicon-plus-sign"></span> {{ _('Add a feed') }}</a></li> -->
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
@@ -54,17 +54,12 @@
</li>
</ul>
</li>
- {% if conf.CRAWLING_METHOD == "classic" and (not conf.ON_HEROKU or g.user.is_admin()) %}
+ {% if conf.CRAWLING_METHOD == "classic" and (not conf.ON_HEROKU or current_user.is_admin) %}
<li><a href="/fetch"><span class="glyphicon glyphicon-import"></span> {{ _('Fetch') }}</a></li>
{% endif %}
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">{{ _('Feed') }} <b class="caret"></b></a>
<ul class="dropdown-menu">
- <li><a href="{{ url_for("feeds.update", action="read") }}">{{ _('Mark all as read') }}</a></li>
- <li><a href="{{ url_for("feeds.update", action="read", nb_days="1") }}">{{ _('Mark all as read older than yesterday') }}</a></li>
- <li><a href="{{ url_for("feeds.update", action="read", nb_days="5") }}">{{ gettext('Mark all as read older than %(days)s days', days=5) }}</a></li>
- <li><a href="{{ url_for("feeds.update", action="read", nb_days="10") }}">{{ gettext('Mark all as read older than %(days)s days', days=10) }}</a></li>
- <li role="presentation" class="divider"></li>
<li><a href="{{ url_for("feeds.inactives") }}">{{ _('Inactive') }}</a></li>
<li><a href="{{ url_for("articles.history") }}">{{ _('History') }}</a></li>
<li><a href="{{ url_for("feeds.feeds") }}">{{ _('All') }}</a></li>
@@ -76,9 +71,8 @@
</a>
<ul class="dropdown-menu">
<li><a href="{{ url_for("user.profile") }}"><span class="glyphicon glyphicon-user"></span> {{ _('Profile') }}</a></li>
- <li><a href="{{ url_for("user.management") }}"><span class="glyphicon glyphicon-cog"></span> {{ _('Your data') }}</a></li>
<li><a href="{{ url_for("about") }}"><span class="glyphicon glyphicon-question-sign"></span> {{ _('About') }}</a></li>
- {% if g.user.is_admin() %}
+ {% if current_user.is_admin %}
<li role="presentation" class="divider"></li>
<li><a href="{{ url_for("admin.dashboard") }}"><span class="glyphicon glyphicon-dashboard"></span> {{ _('Dashboard') }}</a></li>
<li role="presentation" class="divider"></li>
diff --git a/src/web/templates/management.html b/src/web/templates/management.html
index 01179b5e..dc95a052 100644
--- a/src/web/templates/management.html
+++ b/src/web/templates/management.html
@@ -14,18 +14,18 @@
<button class="btn btn-default" type="submit">OK</button>
</form>
<br />
- <a href="/export_opml" class="btn btn-default">{{ _('Export feeds to OPML') }}</a>
+ <a href="{{ url_for('articles.export', format='OPML') }}" class="btn btn-default">{{ _('Export feeds to OPML') }}</a>
<h1>{{ _('Data liberation') }}</h1>
<form action="" method="post" id="formImportJSON" enctype="multipart/form-data">
<span class="btn btn-default btn-file">{{ _('Import account') }} (<span class="text-info">*.json</span>)<input type="file" name="jsonfile" /></span>
<button class="btn btn-default" type="submit">OK</button>
</form>
<br />
- <a href="/export?format=JSON" class="btn btn-default">{{ _('Export account to JSON') }}</a>
+ <a href="{{ url_for('articles.export', format='JSON') }}" class="btn btn-default">{{ _('Export account to JSON') }}</a>
</div>
<div class="well">
<h1>{{ _('Export articles') }}</h1>
- <a href="/export?format=HTML" class="btn btn-default">HTML</a>
+ <a href="{{ url_for('articles.export', format='HTML') }}" class="btn btn-default">HTML</a>
</div>
</div><!-- /.container -->
{% endblock %}
diff --git a/src/web/views/__init__.py b/src/web/views/__init__.py
index 27370fc3..c5903d9b 100644
--- a/src/web/views/__init__.py
+++ b/src/web/views/__init__.py
@@ -1,13 +1,12 @@
-from .views import *
-from .api import *
+from web.views import views, home, session_mgmt, api
+from web.views.article import article_bp, articles_bp
+from web.views.feed import feed_bp, feeds_bp
+from web.views.category import category_bp, categories_bp
+from web.views.icon import icon_bp
+from web.views.admin import admin_bp
+from web.views.user import user_bp, users_bp
-from .article import article_bp, articles_bp
-from .feed import feed_bp, feeds_bp
-from .category import category_bp, categories_bp
-from .icon import icon_bp
-from .admin import admin_bp
-from .user import user_bp, users_bp
-
-
-__all__ = ['article_bp', 'articles_bp', 'feed_bp', 'feeds_bp', 'category_bp',
- 'categories_bp', 'icon_bp', 'admin_bp', 'user_bp', 'users_bp']
+__all__ = ['views', 'home', 'session_mgmt', 'api',
+ 'article_bp', 'articles_bp', 'feed_bp', 'feeds_bp',
+ 'category_bp', 'categories_bp', 'icon_bp',
+ 'admin_bp', 'user_bp', 'users_bp']
diff --git a/src/web/views/admin.py b/src/web/views/admin.py
index b5b0fd54..1dc676de 100644
--- a/src/web/views/admin.py
+++ b/src/web/views/admin.py
@@ -1,43 +1,48 @@
-from flask import (Blueprint, g, render_template, redirect,
- flash, url_for, request)
-from flask.ext.babel import gettext
-from flask.ext.login import login_required
-
-from flask.ext.principal import Permission, RoleNeed
+from datetime import datetime
+from flask import (Blueprint, render_template, redirect, flash, url_for)
+from flask.ext.babel import gettext, format_timedelta
+from flask.ext.login import login_required, current_user
+from werkzeug import generate_password_hash
+from web.views.common import admin_permission
from web.lib.utils import redirect_url
-from web.models import Role
from web.controllers import UserController, ArticleController
-
from web.forms import InformationMessageForm, UserForm
-from web import notifications
admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
-admin_permission = Permission(RoleNeed('admin'))
@admin_bp.route('/dashboard', methods=['GET', 'POST'])
@login_required
@admin_permission.require(http_exception=403)
def dashboard():
- """
- Adminstrator's dashboard.
- """
+ last_cons, now = {}, datetime.utcnow()
+ users = list(UserController().read().order_by('id'))
form = InformationMessageForm()
+ for user in users:
+ last_cons[user.id] = format_timedelta(now - user.last_seen)
+ return render_template('admin/dashboard.html', now=datetime.utcnow(),
+ last_cons=last_cons, users=users, current_user=current_user,
+ form=form)
+
- if request.method == 'POST':
- if form.validate():
- try:
- notifications.information_message(form.subject.data,
- form.message.data)
- except Exception as error:
- flash(gettext(
- 'Problem while sending email: %(error)s', error=error),
- 'danger')
+@admin_bp.route('/user/<int:user_id>', methods=['GET'])
+@login_required
+@admin_permission.require(http_exception=403)
+def user(user_id=None):
+ """
+ See information about a user (stations, etc.).
+ """
+ user = UserController().get(id=user_id)
+ if user is not None:
+ article_contr = ArticleController(user_id)
+ return render_template('/admin/user.html', user=user, feeds=user.feeds,
+ article_count=article_contr.count_by_feed(),
+ unread_article_count=article_contr.count_by_feed(readed=False))
- users = UserController().read()
- return render_template('admin/dashboard.html',
- users=users, current_user=g.user, form=form)
+ else:
+ flash(gettext('This user does not exist.'), 'danger')
+ return redirect(redirect_url())
@admin_bp.route('/user/create', methods=['GET'])
@@ -71,7 +76,6 @@ def process_user_form(user_id=None):
return render_template('/admin/create_user.html', form=form,
message=gettext('Some errors were found'))
- role_user = Role.query.filter(Role.name == "user").first()
if user_id is not None:
# Edit a user
user_contr.update({'id': user_id},
@@ -86,50 +90,14 @@ def process_user_form(user_id=None):
# Create a new user (by the admin)
user = user_contr.create(nickname=form.nickname.data,
email=form.email.data,
- password=form.password.data,
- roles=[role_user],
- refresh_rate=form.refresh_rate.data,
- enabled=True)
+ pwdhash=generate_password_hash(form.password.data),
+ is_admin=False,
+ refresh_rate=form.refresh_rate.data)
flash(gettext('User %(nick)s successfully created',
nick=user.nickname), 'success')
return redirect(url_for('admin.user_form', user_id=user.id))
-@admin_bp.route('/user/<int:user_id>', methods=['GET'])
-@login_required
-@admin_permission.require(http_exception=403)
-def user(user_id=None):
- """
- See information about a user (stations, etc.).
- """
- user = UserController().get(id=user_id)
- if user is not None:
- article_contr = ArticleController(user_id)
- return render_template('/admin/user.html', user=user, feeds=user.feeds,
- article_count=article_contr.count_by_feed(),
- unread_article_count=article_contr.count_by_feed(readed=False))
-
- else:
- flash(gettext('This user does not exist.'), 'danger')
- return redirect(redirect_url())
-
-
-@admin_bp.route('/delete_user/<int:user_id>', methods=['GET'])
-@login_required
-@admin_permission.require(http_exception=403)
-def delete_user(user_id=None):
- """
- Delete a user (with all its data).
- """
- try:
- user = UserController().delete(user_id)
- flash(gettext('User %(nick)s successfully deleted',
- nick=user.nickname), 'success')
- except Exception as error:
- flash(gettext('An error occured while trying to delete a user: '
- '%(error)', error=error), 'danger')
- return redirect(redirect_url())
-
@admin_bp.route('/toggle_user/<int:user_id>', methods=['GET'])
@login_required
@admin_permission.require()
@@ -137,14 +105,18 @@ def toggle_user(user_id=None):
"""
Enable or disable the account of a user.
"""
- user_contr = UserController()
- user = user_contr.get(id=user_id)
+ ucontr = UserController()
+ user = ucontr.get(id=user_id)
+ user_changed = ucontr.update({'id': user_id},
+ {'is_active': not user.is_active})
- if user is None:
+ if not user_changed:
flash(gettext('This user does not exist.'), 'danger')
return redirect(url_for('admin.dashboard'))
- user_contr.update({'id': user.id}, {'enabled': not user.enabled})
- flash(gettext('Account of the user %(nick)s successfully '
- 'updated.', nick=user.nickname), 'success')
+ else:
+ act_txt = 'activated' if user.is_active else 'desactivated'
+ message = gettext('User %(login)s successfully %(is_active)s',
+ login=user.login, is_active=act_txt)
+ flash(message, 'success')
return redirect(url_for('admin.dashboard'))
diff --git a/src/web/views/api/__init__.py b/src/web/views/api/__init__.py
index 90e1ab0f..458e031b 100644
--- a/src/web/views/api/__init__.py
+++ b/src/web/views/api/__init__.py
@@ -1,31 +1,3 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -*-
-
-# jarr - A Web based news aggregator.
-# Copyright (C) 2010-2016 Cédric Bonhomme - http://JARR-aggregator.org/
-#
-# For more information : https://github.com/JARR-aggregator/JARR/
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-__author__ = "Cedric Bonhomme"
-__version__ = "$Revision: 0.2 $"
-__date__ = "$Date: 2014/06/18 $"
-__revision__ = "$Date: 2014/07/05 $"
-__copyright__ = "Copyright (c) Cedric Bonhomme"
-__license__ = "AGPLv3"
-
from web.views.api import article, feed, category
__all__ = ['article', 'feed', 'category']
diff --git a/src/web/views/api/article.py b/src/web/views/api/article.py
index 23c5c495..5971f47d 100644
--- a/src/web/views/api/article.py
+++ b/src/web/views/api/article.py
@@ -1,66 +1,53 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -
-
-from flask import g
+from conf import API_ROOT
import dateutil.parser
+from datetime import datetime
+from flask import current_app
+from flask.ext.restful import Api
+from web.views.common import api_permission
from web.controllers import ArticleController
-from web.views.api.common import PyAggAbstractResource,\
- PyAggResourceNew, \
- PyAggResourceExisting, \
- PyAggResourceMulti
-
-
-ARTICLE_ATTRS = {'user_id': {'type': int},
- 'feed_id': {'type': int},
- 'category_id': {'type': int},
- 'entry_id': {'type': str},
- 'link': {'type': str},
- 'title': {'type': str},
- 'readed': {'type': bool},
- 'like': {'type': bool},
- 'content': {'type': str},
- 'date': {'type': str},
- 'retrieved_date': {'type': str}}
+from web.views.api.common import (PyAggAbstractResource,
+ PyAggResourceNew, PyAggResourceExisting, PyAggResourceMulti)
class ArticleNewAPI(PyAggResourceNew):
controller_cls = ArticleController
- attrs = ARTICLE_ATTRS
- to_date = ['date', 'retrieved_date']
class ArticleAPI(PyAggResourceExisting):
controller_cls = ArticleController
- attrs = ARTICLE_ATTRS
- to_date = ['date', 'retrieved_date']
class ArticlesAPI(PyAggResourceMulti):
controller_cls = ArticleController
- attrs = ARTICLE_ATTRS
- to_date = ['date', 'retrieved_date']
class ArticlesChallenge(PyAggAbstractResource):
controller_cls = ArticleController
attrs = {'ids': {'type': list, 'default': []}}
- to_date = ['date', 'retrieved_date']
+ @api_permission.require(http_exception=403)
def get(self):
- parsed_args = self.reqparse_args()
+ parsed_args = self.reqparse_args(right='read')
+ # collecting all attrs for casting purpose
+ attrs = self.controller_cls._get_attrs_desc('admin')
for id_dict in parsed_args['ids']:
- for key in self.to_date:
- if key in id_dict:
+ keys_to_ignore = []
+ for key in id_dict:
+ if key not in attrs:
+ keys_to_ignore.append(key)
+ if issubclass(attrs[key]['type'], datetime):
id_dict[key] = dateutil.parser.parse(id_dict[key])
+ for key in keys_to_ignore:
+ del id_dict[key]
- result = list(self.wider_controller.challenge(parsed_args['ids']))
+ result = list(self.controller.challenge(parsed_args['ids']))
return result or None, 200 if result else 204
+api = Api(current_app, prefix=API_ROOT)
-g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json')
-g.api.add_resource(ArticleAPI, '/article/<int:obj_id>',
- endpoint='article.json')
-g.api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json')
-g.api.add_resource(ArticlesChallenge, '/articles/challenge',
- endpoint='articles_challenge.json')
+api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json')
+api.add_resource(ArticleAPI, '/article/<int:obj_id>', endpoint='article.json')
+api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json')
+api.add_resource(ArticlesChallenge, '/articles/challenge',
+ endpoint='articles_challenge.json')
diff --git a/src/web/views/api/category.py b/src/web/views/api/category.py
index 7923279a..eecfa785 100644
--- a/src/web/views/api/category.py
+++ b/src/web/views/api/category.py
@@ -1,4 +1,6 @@
-from flask import g
+from conf import API_ROOT
+from flask import current_app
+from flask.ext.restful import Api
from web.controllers.category import CategoryController
from web.views.api.common import (PyAggResourceNew,
@@ -6,26 +8,20 @@ from web.views.api.common import (PyAggResourceNew,
PyAggResourceMulti)
-CAT_ATTRS = {'name': {'type': str},
- 'user_id': {'type': int}}
-
-
class CategoryNewAPI(PyAggResourceNew):
controller_cls = CategoryController
- attrs = CAT_ATTRS
class CategoryAPI(PyAggResourceExisting):
controller_cls = CategoryController
- attrs = CAT_ATTRS
class CategoriesAPI(PyAggResourceMulti):
controller_cls = CategoryController
- attrs = CAT_ATTRS
-g.api.add_resource(CategoryNewAPI, '/category', endpoint='category_new.json')
-g.api.add_resource(CategoryAPI, '/category/<int:obj_id>',
- endpoint='category.json')
-g.api.add_resource(CategoriesAPI, '/categories', endpoint='categories.json')
+api = Api(current_app, prefix=API_ROOT)
+api.add_resource(CategoryNewAPI, '/category', endpoint='category_new.json')
+api.add_resource(CategoryAPI, '/category/<int:obj_id>',
+ endpoint='category.json')
+api.add_resource(CategoriesAPI, '/categories', endpoint='categories.json')
diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py
index c155a254..ace6ba3a 100644
--- a/src/web/views/api/common.py
+++ b/src/web/views/api/common.py
@@ -1,6 +1,3 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -
-
"""For a given resources, classes in the module intend to create the following
routes :
GET resource/<id>
@@ -21,82 +18,53 @@ routes :
DELETE resources
-> to delete several
"""
-import ast
-import json
import logging
-import dateutil.parser
from functools import wraps
-from werkzeug.exceptions import Unauthorized, BadRequest
-from flask import request, g, session, Response
+from werkzeug.exceptions import Unauthorized, BadRequest, Forbidden, NotFound
+from flask import request
from flask.ext.restful import Resource, reqparse
+from flask.ext.login import current_user
-from web.lib.utils import default_handler
-from web.models import User
+from web.views.common import admin_permission, api_permission, \
+ login_user_bundle, jsonify
+from web.controllers import UserController
logger = logging.getLogger(__name__)
def authenticate(func):
- """
- Decorator for the authentication to the web services.
- """
@wraps(func)
def wrapper(*args, **kwargs):
- logged_in = False
- if not getattr(func, 'authenticated', True):
- logged_in = True
- # authentication based on the session (already logged on the site)
- elif 'email' in session or g.user.is_authenticated:
- logged_in = True
- else:
- # authentication via HTTP only
- auth = request.authorization
- if auth is not None:
- user = User.query.filter(
- User.nickname == auth.username).first()
- if user and user.check_password(auth.password) and user.enabled:
- g.user = user
- logged_in = True
- if logged_in:
+ if request.authorization:
+ ucontr = UserController()
+ try:
+ user = ucontr.get(login=request.authorization.username)
+ except NotFound:
+ raise Forbidden("Couldn't authenticate your user")
+ if not ucontr.check_password(user, request.authorization.password):
+ raise Forbidden("Couldn't authenticate your user")
+ if not user.is_active:
+ raise Forbidden("User is desactivated")
+ login_user_bundle(user)
+ if current_user.is_authenticated:
return func(*args, **kwargs)
- raise Unauthorized({'WWWAuthenticate': 'Basic realm="Login Required"'})
- return wrapper
-
-
-def to_response(func):
- """Will cast results of func as a result, and try to extract
- a status_code for the Response object"""
- def wrapper(*args, **kwargs):
- status_code = 200
- result = func(*args, **kwargs)
- if isinstance(result, Response):
- return result
- elif isinstance(result, tuple):
- result, status_code = result
- return Response(json.dumps(result, default=default_handler),
- status=status_code)
+ raise Unauthorized()
return wrapper
class PyAggAbstractResource(Resource):
- method_decorators = [authenticate, to_response]
- attrs = {}
- to_date = [] # list of fields to cast to datetime
-
- def __init__(self, *args, **kwargs):
- super(PyAggAbstractResource, self).__init__(*args, **kwargs)
+ method_decorators = [authenticate, jsonify]
+ controller_cls = None
+ attrs = None
@property
def controller(self):
- return self.controller_cls(getattr(g.user, 'id', None))
-
- @property
- def wider_controller(self):
- if g.user.is_admin():
+ if admin_permission.can():
return self.controller_cls()
- return self.controller_cls(getattr(g.user, 'id', None))
+ return self.controller_cls(current_user.id)
- def reqparse_args(self, req=None, strict=False, default=True, args=None):
+ def reqparse_args(self, right, req=None, strict=False, default=True,
+ allow_empty=False):
"""
strict: bool
if True will throw 400 error if args are defined and not in request
@@ -105,31 +73,39 @@ class PyAggAbstractResource(Resource):
args: dict
the args to parse, if None, self.attrs will be used
"""
+ try:
+ in_values = req.json if req else (request.json or {})
+ if not in_values and allow_empty:
+ return {}
+ except BadRequest:
+ if allow_empty:
+ return {}
+ raise
parser = reqparse.RequestParser()
- for attr_name, attrs in (args or self.attrs).items():
- if attrs.pop('force_default', False):
- parser.add_argument(attr_name, location='json', **attrs)
- elif not default and (not request.json
- or request.json and attr_name not in request.json):
+ if self.attrs is not None:
+ attrs = self.attrs
+ elif admin_permission.can():
+ attrs = self.controller_cls._get_attrs_desc('admin')
+ elif api_permission.can():
+ attrs = self.controller_cls._get_attrs_desc('api', right)
+ else:
+ attrs = self.controller_cls._get_attrs_desc('base', right)
+ assert attrs, "No defined attrs for %s" % self.__class__.__name__
+
+ for attr_name, attr in attrs.items():
+ if not default and attr_name not in in_values:
continue
else:
- parser.add_argument(attr_name, location='json', **attrs)
- parsed = parser.parse_args(strict=strict) if req is None \
- else parser.parse_args(req, strict=strict)
- for field in self.to_date:
- if parsed.get(field):
- try:
- parsed[field] = dateutil.parser.parse(parsed[field])
- except Exception:
- logger.exception('failed to parse %r', parsed[field])
- return parsed
+ parser.add_argument(attr_name, location='json', **attr)
+ return parser.parse_args(req=req, strict=strict)
class PyAggResourceNew(PyAggAbstractResource):
+ @api_permission.require(http_exception=403)
def post(self):
"""Create a single new object"""
- return self.controller.create(**self.reqparse_args()), 201
+ return self.controller.create(**self.reqparse_args(right='write')), 201
class PyAggResourceExisting(PyAggAbstractResource):
@@ -140,14 +116,10 @@ class PyAggResourceExisting(PyAggAbstractResource):
def put(self, obj_id=None):
"""update an object, new attrs should be passed in the payload"""
- args = self.reqparse_args(default=False)
- new_values = {key: args[key] for key in
- set(args).intersection(self.attrs)}
- if 'user_id' in new_values and g.user.is_admin():
- controller = self.wider_controller
- else:
- controller = self.controller
- return controller.update({'id': obj_id}, new_values), 200
+ args = self.reqparse_args(right='write', default=False)
+ if not args:
+ raise BadRequest()
+ return self.controller.update({'id': obj_id}, args), 200
def delete(self, obj_id=None):
"""delete a object"""
@@ -164,73 +136,75 @@ class PyAggResourceMulti(PyAggAbstractResource):
try:
limit = request.json.pop('limit', 10)
order_by = request.json.pop('order_by', None)
- query = self.controller.read(**request.json)
- except:
- args = {}
- for k, v in request.args.items():
- if k in self.attrs.keys():
- if self.attrs[k]['type'] in [bool, int]:
- args[k] = ast.literal_eval(v)
- else:
- args[k] = v
- limit = request.args.get('limit', 10)
- order_by = request.args.get('order_by', None)
- query = self.controller.read(**args)
+ args = self.reqparse_args(right='read', default=False)
+ except BadRequest:
+ limit, order_by, args = 10, None, {}
+ query = self.controller.read(**args)
if order_by:
query = query.order_by(order_by)
if limit:
query = query.limit(limit)
return [res for res in query]
+ @api_permission.require(http_exception=403)
def post(self):
- """creating several objects. payload should be a list of dict.
+ """creating several objects. payload should be:
+ >>> payload
+ [{attr1: val1, attr2: val2}, {attr1: val1, attr2: val2}]
"""
- if 'application/json' not in request.headers.get('Content-Type'):
- raise BadRequest("Content-Type must be application/json")
- status = 201
- results = []
+ assert 'application/json' in request.headers.get('Content-Type')
+ status, fail_count, results = 200, 0, []
+
+ class Proxy:
+ pass
for attrs in request.json:
try:
- results.append(self.controller.create(**attrs).id)
+ Proxy.json = attrs
+ args = self.reqparse_args('write', req=Proxy, default=False)
+ obj = self.controller.create(**args)
+ results.append(obj)
except Exception as error:
- status = 206
+ fail_count += 1
results.append(str(error))
- # if no operation succeded, it's not partial anymore, returning err 500
- if status == 206 and results.count('ok') == 0:
+ if fail_count == len(results): # all failed => 500
status = 500
+ elif fail_count: # some failed => 206
+ status = 206
return results, status
def put(self):
- """creating several objects. payload should be:
+ """updating several objects. payload should be:
>>> payload
[[obj_id1, {attr1: val1, attr2: val2}]
[obj_id2, {attr1: val1, attr2: val2}]]
"""
- if 'application/json' not in request.headers.get('Content-Type'):
- raise BadRequest("Content-Type must be application/json")
- status = 200
- results = []
+ assert 'application/json' in request.headers.get('Content-Type')
+ status, results = 200, []
+
+ class Proxy:
+ pass
for obj_id, attrs in request.json:
try:
- new_values = {key: attrs[key] for key in
- set(attrs).intersection(self.attrs)}
- self.controller.update({'id': obj_id}, new_values)
- results.append('ok')
+ Proxy.json = attrs
+ args = self.reqparse_args('write', req=Proxy, default=False)
+ result = self.controller.update({'id': obj_id}, args)
+ if result:
+ results.append('ok')
+ else:
+ results.append('nok')
except Exception as error:
- status = 206
results.append(str(error))
- # if no operation succeded, it's not partial anymore, returning err 500
- if status == 206 and results.count('ok') == 0:
+ if results.count('ok') == 0: # all failed => 500
status = 500
+ elif results.count('ok') != len(results): # some failed => 206
+ status = 206
return results, status
def delete(self):
"""will delete several objects,
a list of their ids should be in the payload"""
- if 'application/json' not in request.headers.get('Content-Type'):
- raise BadRequest("Content-Type must be application/json")
- status = 204
- results = []
+ assert 'application/json' in request.headers.get('Content-Type')
+ status, results = 204, []
for obj_id in request.json:
try:
self.controller.delete(obj_id)
diff --git a/src/web/views/api/feed.py b/src/web/views/api/feed.py
index 604620b4..774bff5f 100644
--- a/src/web/views/api/feed.py
+++ b/src/web/views/api/feed.py
@@ -1,8 +1,8 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -
-
-from flask import g
+from conf import API_ROOT
+from flask import current_app
+from flask.ext.restful import Api
+from web.views.common import api_permission
from web.controllers.feed import (FeedController,
DEFAULT_MAX_ERROR,
DEFAULT_LIMIT,
@@ -13,59 +13,37 @@ from web.views.api.common import PyAggAbstractResource, \
PyAggResourceExisting, \
PyAggResourceMulti
-FEED_ATTRS = {'title': {'type': str},
- 'description': {'type': str},
- 'link': {'type': str},
- 'user_id': {'type': int},
- 'category_id': {'type': int},
- 'site_link': {'type': str},
- 'enabled': {'type': bool, 'default': True},
- 'etag': {'type': str, 'default': ''},
- 'icon_url': {'type': str, 'default': ''},
- 'filters': {'type': list},
- 'last_modified': {'type': str},
- 'last_retrieved': {'type': str},
- 'last_error': {'type': str},
- 'error_count': {'type': int, 'default': 0}}
class FeedNewAPI(PyAggResourceNew):
controller_cls = FeedController
- attrs = FEED_ATTRS
- to_date = ['date', 'last_retrieved']
+
class FeedAPI(PyAggResourceExisting):
controller_cls = FeedController
- attrs = FEED_ATTRS
- to_date = ['date', 'last_retrieved']
+
class FeedsAPI(PyAggResourceMulti):
controller_cls = FeedController
- attrs = FEED_ATTRS
- to_date = ['date', 'last_retrieved']
+
class FetchableFeedAPI(PyAggAbstractResource):
controller_cls = FeedController
- to_date = ['date', 'last_retrieved']
attrs = {'max_error': {'type': int, 'default': DEFAULT_MAX_ERROR},
'limit': {'type': int, 'default': DEFAULT_LIMIT},
- 'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE},
- 'retreive_all': {'type': bool, 'default': False}}
+ 'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE}}
+ @api_permission.require(http_exception=403)
def get(self):
- args = self.reqparse_args()
- if g.user.refresh_rate:
- args['refresh_rate'] = g.user.refresh_rate
-
- if args.pop('retreive_all', False):
- contr = self.wider_controller
- else:
- contr = self.controller
- result = [feed for feed in contr.list_fetchable(**args)]
+ args = self.reqparse_args(right='read', allow_empty=True)
+ result = [feed for feed
+ in self.controller.list_fetchable(**args)]
return result or None, 200 if result else 204
-g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json')
-g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json')
-g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json')
-g.api.add_resource(FetchableFeedAPI, '/feeds/fetchable',
- endpoint='fetchable_feed.json')
+api = Api(current_app, prefix=API_ROOT)
+
+api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json')
+api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json')
+api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json')
+api.add_resource(FetchableFeedAPI, '/feeds/fetchable',
+ endpoint='fetchable_feed.json')
diff --git a/src/web/views/article.py b/src/web/views/article.py
index 7996e894..407345c3 100644
--- a/src/web/views/article.py
+++ b/src/web/views/article.py
@@ -1,14 +1,16 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -
from datetime import datetime, timedelta
from flask import (Blueprint, g, render_template, redirect,
- flash, url_for, request)
+ flash, url_for, make_response, request)
+
from flask.ext.babel import gettext
-from flask.ext.login import login_required
+from flask.ext.login import login_required, current_user
+
from bootstrap import db
+from web.export import export_json, export_html
from web.lib.utils import clear_string, redirect_url
-from web.controllers import ArticleController
+from web.controllers import (ArticleController, UserController,
+ CategoryController)
from web.lib.view_utils import etag_match
articles_bp = Blueprint('articles', __name__, url_prefix='/articles')
@@ -18,7 +20,7 @@ article_bp = Blueprint('article', __name__, url_prefix='/article')
@article_bp.route('/redirect/<int:article_id>', methods=['GET'])
@login_required
def redirect_to_article(article_id):
- contr = ArticleController(g.user.id)
+ contr = ArticleController(current_user.id)
article = contr.get(id=article_id)
if not article.readed:
contr.update({'id': article.id}, {'readed': True})
@@ -32,7 +34,7 @@ def article(article_id=None):
"""
Presents the content of an article.
"""
- article = ArticleController(g.user.id).get(id=article_id)
+ article = ArticleController(current_user.id).get(id=article_id)
previous_article = article.previous_article()
if previous_article is None:
previous_article = article.source.articles[0]
@@ -53,7 +55,7 @@ def like(article_id=None):
"""
Mark or unmark an article as favorites.
"""
- art_contr = ArticleController(g.user.id)
+ art_contr = ArticleController(current_user.id)
article = art_contr.get(id=article_id)
art_contr = art_contr.update({'id': article_id},
{'like': not article.like})
@@ -66,7 +68,7 @@ def delete(article_id=None):
"""
Delete an article from the database.
"""
- article = ArticleController(g.user.id).delete(article_id)
+ article = ArticleController(current_user.id).delete(article_id)
flash(gettext('Article %(article_title)s deleted',
article_title=article.title), 'success')
return redirect(url_for('home'))
@@ -77,9 +79,9 @@ def delete(article_id=None):
@articles_bp.route('/history/<int:year>/<int:month>', methods=['GET'])
@login_required
def history(year=None, month=None):
- counter, articles = ArticleController(g.user.id).get_history(year, month)
- return render_template('history.html', articles_counter=counter,
- articles=articles, year=year, month=month)
+ cntr, artcles = ArticleController(current_user.id).get_history(year, month)
+ return render_template('history.html', articles_counter=cntr,
+ articles=artcles, year=year, month=month)
@article_bp.route('/mark_as/<string:new_value>', methods=['GET'])
@@ -91,7 +93,7 @@ def mark_as(new_value='read', feed_id=None, article_id=None):
Mark all unreaded articles as read.
"""
readed = new_value == 'read'
- art_contr = ArticleController(g.user.id)
+ art_contr = ArticleController(current_user.id)
filters = {'readed': not readed}
if feed_id is not None:
filters['feed_id'] = feed_id
@@ -117,7 +119,7 @@ def expire():
"""
current_time = datetime.utcnow()
weeks_ago = current_time - timedelta(int(request.args.get('weeks', 10)))
- art_contr = ArticleController(g.user.id)
+ art_contr = ArticleController(current_user.id)
query = art_contr.read(__or__={'date__lt': weeks_ago,
'retrieved_date__lt': weeks_ago})
@@ -126,3 +128,47 @@ def expire():
db.session.commit()
flash(gettext('%(count)d articles deleted', count=count), 'info')
return redirect(redirect_url())
+
+
+@articles_bp.route('/export', methods=['GET'])
+@login_required
+def export():
+ """
+ Export all articles to HTML or JSON.
+ """
+ user = UserController(current_user.id).get(id=current_user.id)
+ if request.args.get('format') == "HTML":
+ # Export to HTML
+ try:
+ archive_file, archive_file_name = export_html(user)
+ except Exception as e:
+ print(e)
+ flash(gettext("Error when exporting articles."), 'danger')
+ return redirect(redirect_url())
+ response = make_response(archive_file)
+ response.headers['Content-Type'] = 'application/x-compressed'
+ response.headers['Content-Disposition'] = 'attachment; filename=%s' \
+ % archive_file_name
+ elif request.args.get('format') == "JSON":
+ # Export to JSON
+ try:
+ json_result = export_json(user)
+ except Exception as e:
+ flash(gettext("Error when exporting articles."), 'danger')
+ return redirect(redirect_url())
+ response = make_response(json_result)
+ response.mimetype = 'application/json'
+ response.headers["Content-Disposition"] \
+ = 'attachment; filename=account.json'
+ elif request.args.get('format') == "OPML":
+ categories = {cat.id: cat.dump()
+ for cat in CategoryController(user.id).read()}
+ response = make_response(render_template('opml.xml', user=user,
+ categories=categories,
+ now=datetime.now()))
+ response.headers['Content-Type'] = 'application/xml'
+ response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml'
+ else:
+ flash(gettext('Export format not supported.'), 'warning')
+ return redirect(redirect_url())
+ return response
diff --git a/src/web/views/category.py b/src/web/views/category.py
index 20b90caa..a7447775 100644
--- a/src/web/views/category.py
+++ b/src/web/views/category.py
@@ -1,6 +1,6 @@
-from flask import g, Blueprint, render_template, flash, redirect, url_for
+from flask import Blueprint, render_template, flash, redirect, url_for
from flask.ext.babel import gettext
-from flask.ext.login import login_required
+from flask.ext.login import login_required, current_user
from web.forms import CategoryForm
from web.lib.utils import redirect_url
@@ -17,10 +17,10 @@ category_bp = Blueprint('category', __name__, url_prefix='/category')
@etag_match
def list_():
"Lists the subscribed feeds in a table."
- art_contr = ArticleController(g.user.id)
+ art_contr = ArticleController(current_user.id)
return render_template('categories.html',
- categories=list(CategoryController(g.user.id).read()),
- feeds_count=FeedController(g.user.id).count_by_category(),
+ categories=list(CategoryController(current_user.id).read()),
+ feeds_count=FeedController(current_user.id).count_by_category(),
unread_article_count=art_contr.count_by_category(readed=False),
article_count=art_contr.count_by_category())
@@ -35,7 +35,7 @@ def form(category_id=None):
if category_id is None:
return render_template('edit_category.html', action=action,
head_titles=head_titles, form=CategoryForm())
- category = CategoryController(g.user.id).get(id=category_id)
+ category = CategoryController(current_user.id).get(id=category_id)
action = gettext('Edit category')
head_titles = [action]
if category.name:
@@ -48,7 +48,7 @@ def form(category_id=None):
@category_bp.route('/delete/<int:category_id>', methods=['GET'])
@login_required
def delete(category_id=None):
- category = CategoryController(g.user.id).delete(category_id)
+ category = CategoryController(current_user.id).delete(category_id)
flash(gettext("Category %(category_name)s successfully deleted.",
category_name=category.name), 'success')
return redirect(redirect_url())
@@ -59,7 +59,7 @@ def delete(category_id=None):
@login_required
def process_form(category_id=None):
form = CategoryForm()
- cat_contr = CategoryController(g.user.id)
+ cat_contr = CategoryController(current_user.id)
if not form.validate():
return render_template('edit_category.html', form=form)
diff --git a/src/web/views/common.py b/src/web/views/common.py
new file mode 100644
index 00000000..690c4d1c
--- /dev/null
+++ b/src/web/views/common.py
@@ -0,0 +1,53 @@
+import json
+from functools import wraps
+from datetime import datetime
+from flask import current_app, Response
+from flask.ext.login import login_user
+from flask.ext.principal import (Identity, Permission, RoleNeed,
+ session_identity_loader, identity_changed)
+from web.controllers import UserController
+from web.lib.utils import default_handler
+
+admin_role = RoleNeed('admin')
+api_role = RoleNeed('api')
+
+admin_permission = Permission(admin_role)
+api_permission = Permission(api_role)
+
+
+def scoped_default_handler():
+ if admin_permission.can():
+ role = 'admin'
+ elif api_permission.can():
+ role = 'api'
+ else:
+ role = 'user'
+
+ @wraps(default_handler)
+ def wrapper(obj):
+ return default_handler(obj, role=role)
+ return wrapper
+
+
+def jsonify(func):
+ """Will cast results of func as a result, and try to extract
+ a status_code for the Response object"""
+ @wraps(func)
+ def wrapper(*args, **kwargs):
+ status_code = 200
+ result = func(*args, **kwargs)
+ if isinstance(result, Response):
+ return result
+ elif isinstance(result, tuple):
+ result, status_code = result
+ return Response(json.dumps(result, default=scoped_default_handler()),
+ mimetype='application/json', status=status_code)
+ return wrapper
+
+
+def login_user_bundle(user):
+ login_user(user)
+ identity_changed.send(current_app, identity=Identity(user.id))
+ session_identity_loader()
+ UserController(user.id).update(
+ {'id': user.id}, {'last_seen': datetime.utcnow()})
diff --git a/src/web/views/feed.py b/src/web/views/feed.py
index 4a07ac52..69e093b2 100644
--- a/src/web/views/feed.py
+++ b/src/web/views/feed.py
@@ -1,15 +1,13 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -
import logging
import requests.exceptions
from datetime import datetime, timedelta
from sqlalchemy import desc
from werkzeug.exceptions import BadRequest
-from flask import Blueprint, g, render_template, flash, \
+from flask import Blueprint, render_template, flash, \
redirect, request, url_for
from flask.ext.babel import gettext
-from flask.ext.login import login_required
+from flask.ext.login import login_required, current_user
import conf
from web import utils
@@ -29,9 +27,9 @@ feed_bp = Blueprint('feed', __name__, url_prefix='/feed')
@etag_match
def feeds():
"Lists the subscribed feeds in a table."
- art_contr = ArticleController(g.user.id)
+ art_contr = ArticleController(current_user.id)
return render_template('feeds.html',
- feeds=FeedController(g.user.id).read(),
+ feeds=FeedController(current_user.id).read(),
unread_article_count=art_contr.count_by_feed(readed=False),
article_count=art_contr.count_by_feed())
@@ -41,12 +39,12 @@ def feeds():
@etag_match
def feed(feed_id=None):
"Presents detailed information about a feed."
- feed = FeedController(g.user.id).get(id=feed_id)
+ feed = FeedController(current_user.id).get(id=feed_id)
word_size = 6
category = None
if feed.category_id:
- category = CategoryController(g.user.id).get(id=feed.category_id)
- articles = ArticleController(g.user.id) \
+ category = CategoryController(current_user.id).get(id=feed.category_id)
+ articles = ArticleController(current_user.id) \
.read(feed_id=feed_id) \
.order_by(desc("date")).all()
top_words = utils.top_words(articles, n=50, size=int(word_size))
@@ -76,7 +74,7 @@ def feed(feed_id=None):
@feed_bp.route('/delete/<feed_id>', methods=['GET'])
@login_required
def delete(feed_id=None):
- feed_contr = FeedController(g.user.id)
+ feed_contr = FeedController(current_user.id)
feed = feed_contr.get(id=feed_id)
feed_contr.delete(feed_id)
flash(gettext("Feed %(feed_title)s successfully deleted.",
@@ -87,7 +85,7 @@ def delete(feed_id=None):
@feed_bp.route('/reset_errors/<int:feed_id>', methods=['GET', 'POST'])
@login_required
def reset_errors(feed_id):
- feed_contr = FeedController(g.user.id)
+ feed_contr = FeedController(current_user.id)
feed = feed_contr.get(id=feed_id)
feed_contr.update({'id': feed_id}, {'error_count': 0, 'last_error': ''})
flash(gettext('Feed %(feed_title)r successfully updated.',
@@ -98,7 +96,7 @@ def reset_errors(feed_id):
@feed_bp.route('/bookmarklet', methods=['GET', 'POST'])
@login_required
def bookmarklet():
- feed_contr = FeedController(g.user.id)
+ feed_contr = FeedController(current_user.id)
url = (request.args if request.method == 'GET' else request.form)\
.get('url', None)
if not url:
@@ -128,7 +126,7 @@ def bookmarklet():
feed = feed_contr.create(**feed)
flash(gettext('Feed was successfully created.'), 'success')
if feed.enabled and conf.CRAWLING_METHOD == "classic":
- utils.fetch(g.user.id, feed.id)
+ utils.fetch(current_user.id, feed.id)
flash(gettext("Downloading articles for the new feed..."), 'info')
return redirect(url_for('feed.form', feed_id=feed.id))
@@ -146,7 +144,7 @@ def update(action, feed_id=None):
if feed_id:
filters['feed_id'] = feed_id
- ArticleController(g.user.id).update(filters, {'readed': readed})
+ ArticleController(current_user.id).update(filters, {'readed': readed})
flash(gettext('Feed successfully updated.'), 'success')
return redirect(request.referrer or url_for('home'))
@@ -157,14 +155,14 @@ def update(action, feed_id=None):
@etag_match
def form(feed_id=None):
action = gettext("Add a feed")
- categories = CategoryController(g.user.id).read()
+ categories = CategoryController(current_user.id).read()
head_titles = [action]
if feed_id is None:
form = AddFeedForm()
form.set_category_choices(categories)
return render_template('edit_feed.html', action=action,
head_titles=head_titles, form=form)
- feed = FeedController(g.user.id).get(id=feed_id)
+ feed = FeedController(current_user.id).get(id=feed_id)
form = AddFeedForm(obj=feed)
form.set_category_choices(categories)
action = gettext('Edit feed')
@@ -181,8 +179,8 @@ def form(feed_id=None):
@login_required
def process_form(feed_id=None):
form = AddFeedForm()
- feed_contr = FeedController(g.user.id)
- form.set_category_choices(CategoryController(g.user.id).read())
+ feed_contr = FeedController(current_user.id)
+ form.set_category_choices(CategoryController(current_user.id).read())
if not form.validate():
return render_template('edit_feed.html', form=form)
@@ -217,7 +215,7 @@ def process_form(feed_id=None):
feed_title=new_feed.title), 'success')
if conf.CRAWLING_METHOD == "classic":
- utils.fetch(g.user.id, new_feed.id)
+ utils.fetch(current_user.id, new_feed.id)
flash(gettext("Downloading articles for the new feed..."), 'info')
return redirect(url_for('feed.form', feed_id=new_feed.id))
@@ -230,7 +228,7 @@ def inactives():
List of inactive feeds.
"""
nb_days = int(request.args.get('nb_days', 365))
- inactives = FeedController(g.user.id).get_inactives(nb_days)
+ inactives = FeedController(current_user.id).get_inactives(nb_days)
return render_template('inactives.html',
inactives=inactives, nb_days=nb_days)
@@ -241,7 +239,7 @@ def duplicates(feed_id):
"""
Return duplicates article for a feed.
"""
- feed, duplicates = FeedController(g.user.id).get_duplicates(feed_id)
+ feed, duplicates = FeedController(current_user.id).get_duplicates(feed_id)
if len(duplicates) == 0:
flash(gettext('No duplicates in the feed "{}".').format(feed.title),
'info')
diff --git a/src/web/views/home.py b/src/web/views/home.py
new file mode 100644
index 00000000..12a06024
--- /dev/null
+++ b/src/web/views/home.py
@@ -0,0 +1,156 @@
+import logging
+from calendar import timegm
+
+from flask import current_app, render_template, \
+ request, flash, url_for, redirect
+from flask.ext.login import login_required, current_user
+from flask.ext.babel import gettext
+
+import conf
+from web.lib.utils import redirect_url
+from web import utils
+from web.lib.view_utils import etag_match
+from web.models import Article
+from web.views.common import jsonify
+
+from web.controllers import FeedController, \
+ ArticleController, CategoryController
+
+logger = logging.getLogger(__name__)
+
+
+@current_app.route('/')
+@login_required
+@etag_match
+def home():
+ return render_template('home.html', cdn=conf.CDN_ADDRESS)
+
+
+@current_app.route('/menu')
+@login_required
+@etag_match
+@jsonify
+def get_menu():
+ categories_order = [0]
+ categories = {0: {'name': 'No category', 'id': 0}}
+ for cat in CategoryController(current_user.id).read().order_by('name'):
+ categories_order.append(cat.id)
+ categories[cat.id] = cat
+ unread = ArticleController(current_user.id).count_by_feed(readed=False)
+ for cat_id in categories:
+ categories[cat_id]['unread'] = 0
+ categories[cat_id]['feeds'] = []
+ feeds = {feed.id: feed for feed in FeedController(current_user.id).read()}
+ for feed_id, feed in feeds.items():
+ feed['created_stamp'] = timegm(feed.created_date.timetuple()) * 1000
+ feed['last_stamp'] = timegm(feed.last_retrieved.timetuple()) * 1000
+ feed['category_id'] = feed.category_id or 0
+ feed['unread'] = unread.get(feed.id, 0)
+ if not feed.filters:
+ feed['filters'] = []
+ if feed.icon_url:
+ feed['icon_url'] = url_for('icon.icon', url=feed.icon_url)
+ categories[feed['category_id']]['unread'] += feed['unread']
+ categories[feed['category_id']]['feeds'].append(feed_id)
+ return {'feeds': feeds, 'categories': categories,
+ 'categories_order': categories_order,
+ 'crawling_method': conf.CRAWLING_METHOD,
+ 'max_error': conf.DEFAULT_MAX_ERROR,
+ 'error_threshold': conf.ERROR_THRESHOLD,
+ 'is_admin': current_user.is_admin,
+ 'all_unread_count': sum(unread.values())}
+
+
+def _get_filters(in_dict):
+ filters = {}
+ query = in_dict.get('query')
+ if query:
+ search_title = in_dict.get('search_title') == 'true'
+ search_content = in_dict.get('search_content') == 'true'
+ if search_title:
+ filters['title__ilike'] = "%%%s%%" % query
+ if search_content:
+ filters['content__ilike'] = "%%%s%%" % query
+ if len(filters) == 0:
+ filters['title__ilike'] = "%%%s%%" % query
+ if len(filters) > 1:
+ filters = {"__or__": filters}
+ if in_dict.get('filter') == 'unread':
+ filters['readed'] = False
+ elif in_dict.get('filter') == 'liked':
+ filters['like'] = True
+ filter_type = in_dict.get('filter_type')
+ if filter_type in {'feed_id', 'category_id'} and in_dict.get('filter_id'):
+ filters[filter_type] = int(in_dict['filter_id']) or None
+ return filters
+
+
+@jsonify
+def _articles_to_json(articles, fd_hash=None):
+ return {'articles': [{'title': art.title, 'liked': art.like,
+ 'read': art.readed, 'article_id': art.id, 'selected': False,
+ 'feed_id': art.feed_id, 'category_id': art.category_id or 0,
+ 'feed_title': fd_hash[art.feed_id]['title'] if fd_hash else None,
+ 'icon_url': fd_hash[art.feed_id]['icon_url'] if fd_hash else None,
+ 'date': art.date, 'timestamp': timegm(art.date.timetuple()) * 1000}
+ for art in articles.limit(1000)]}
+
+
+@current_app.route('/middle_panel')
+@login_required
+@etag_match
+def get_middle_panel():
+ filters = _get_filters(request.args)
+ art_contr = ArticleController(current_user.id)
+ fd_hash = {feed.id: {'title': feed.title,
+ 'icon_url': url_for('icon.icon', url=feed.icon_url)
+ if feed.icon_url else None}
+ for feed in FeedController(current_user.id).read()}
+ articles = art_contr.read(**filters).order_by(Article.date.desc())
+ return _articles_to_json(articles, fd_hash)
+
+
+@current_app.route('/getart/<int:article_id>')
+@current_app.route('/getart/<int:article_id>/<parse>')
+@login_required
+@etag_match
+@jsonify
+def get_article(article_id, parse=False):
+ contr = ArticleController(current_user.id)
+ article = contr.get(id=article_id)
+ if not article.readed:
+ article['readed'] = True
+ contr.update({'id': article_id}, {'readed': True})
+ article['category_id'] = article.category_id or 0
+ feed = FeedController(current_user.id).get(id=article.feed_id)
+ article['icon_url'] = url_for('icon.icon', url=feed.icon_url) \
+ if feed.icon_url else None
+ return article
+
+
+@current_app.route('/mark_all_as_read', methods=['PUT'])
+@login_required
+def mark_all_as_read():
+ filters = _get_filters(request.json)
+ acontr = ArticleController(current_user.id)
+ processed_articles = _articles_to_json(acontr.read_light(**filters))
+ acontr.update(filters, {'readed': True})
+ return processed_articles
+
+
+@current_app.route('/fetch', methods=['GET'])
+@current_app.route('/fetch/<int:feed_id>', methods=['GET'])
+@login_required
+def fetch(feed_id=None):
+ """
+ Triggers the download of news.
+ News are downloaded in a separated process, mandatory for Heroku.
+ """
+ if conf.CRAWLING_METHOD == "classic" \
+ and (not conf.ON_HEROKU or current_user.is_admin):
+ utils.fetch(current_user.id, feed_id)
+ flash(gettext("Downloading articles..."), "info")
+ else:
+ flash(gettext("The manual retrieving of news is only available " +
+ "for administrator, on the Heroku platform."), "info")
+ return redirect(redirect_url())
diff --git a/src/web/views/session_mgmt.py b/src/web/views/session_mgmt.py
new file mode 100644
index 00000000..65be856c
--- /dev/null
+++ b/src/web/views/session_mgmt.py
@@ -0,0 +1,92 @@
+import json
+import logging
+
+from werkzeug.exceptions import NotFound
+from flask import (render_template, flash, session, request,
+ url_for, redirect, current_app)
+from flask.ext.babel import gettext
+from flask.ext.login import LoginManager, logout_user, \
+ login_required, current_user
+from flask.ext.principal import (Principal, AnonymousIdentity, UserNeed,
+ identity_changed, identity_loaded,
+ session_identity_loader)
+
+import conf
+from web.views.common import admin_role, api_role, login_user_bundle
+from web.controllers import UserController
+from web.forms import SignupForm, SigninForm
+
+Principal(current_app)
+# Create a permission with a single Need, in this case a RoleNeed.
+
+login_manager = LoginManager()
+login_manager.init_app(current_app)
+login_manager.login_view = 'login'
+
+logger = logging.getLogger(__name__)
+
+
+@identity_loaded.connect_via(current_app._get_current_object())
+def on_identity_loaded(sender, identity):
+ # Set the identity user object
+ identity.user = current_user
+
+ # Add the UserNeed to the identity
+ if current_user.is_authenticated:
+ identity.provides.add(UserNeed(current_user.id))
+ if current_user.is_admin:
+ identity.provides.add(admin_role)
+ if current_user.is_api:
+ identity.provides.add(api_role)
+
+
+@login_manager.user_loader
+def load_user(user_id):
+ return UserController(user_id, ignore_context=True).get(
+ id=user_id, is_active=True)
+
+
+@current_app.route('/login', methods=['GET', 'POST'])
+def login():
+ if current_user.is_authenticated:
+ return redirect(url_for('home'))
+ form = SigninForm()
+ if form.validate_on_submit():
+ login_user_bundle(form.user)
+ return form.redirect('home')
+ return render_template('login.html', form=form)
+
+
+@current_app.route('/logout')
+@login_required
+def logout():
+ # Remove the user information from the session
+ logout_user()
+
+ # Remove session keys set by Flask-Principal
+ for key in ('identity.name', 'identity.auth_type'):
+ session.pop(key, None)
+
+ # Tell Flask-Principal the user is anonymous
+ identity_changed.send(current_app, identity=AnonymousIdentity())
+ session_identity_loader()
+
+ return redirect(url_for('login'))
+
+
+@current_app.route('/signup', methods=['GET', 'POST'])
+def signup():
+ if not conf.SELF_REGISTRATION:
+ flash(gettext("Self-registration is disabled."), 'warning')
+ return redirect(url_for('home'))
+ if current_user.is_authenticated:
+ return redirect(url_for('home'))
+
+ form = SignupForm()
+ if form.validate_on_submit():
+ user = UserController().create(login=form.login.data,
+ email=form.email.data, password=form.password.data)
+ login_user_bundle(user)
+ return redirect(url_for('home'))
+
+ return render_template('signup.html', form=form)
diff --git a/src/web/views/user.py b/src/web/views/user.py
index 06dc2089..24f9bedb 100644
--- a/src/web/views/user.py
+++ b/src/web/views/user.py
@@ -3,7 +3,7 @@ import random
from flask import (Blueprint, g, render_template, redirect,
flash, url_for, request)
from flask.ext.babel import gettext
-from flask.ext.login import login_required
+from flask.ext.login import login_required, current_user
import conf
from web import utils, notifications
@@ -30,9 +30,9 @@ def management():
flash(gettext('File not allowed.'), 'danger')
else:
try:
- nb = utils.import_opml(g.user.email, data.read())
+ nb = utils.import_opml(current_user.email, data.read())
if conf.CRAWLING_METHOD == "classic":
- utils.fetch(g.user.email, None)
+ utils.fetch(current_user.email, None)
flash(str(nb) + ' ' + gettext('feeds imported.'),
"success")
flash(gettext("Downloading articles..."), 'info')
@@ -46,7 +46,7 @@ def management():
flash(gettext('File not allowed.'), 'danger')
else:
try:
- nb = utils.import_json(g.user.email, data.read())
+ nb = utils.import_json(current_user.email, data.read())
flash(gettext('Account imported.'), "success")
except:
flash(gettext("Impossible to import the account."),
@@ -54,11 +54,11 @@ def management():
else:
flash(gettext('File not allowed.'), 'danger')
- nb_feeds = FeedController(g.user.id).read().count()
- art_contr = ArticleController(g.user.id)
+ nb_feeds = FeedController(current_user.id).read().count()
+ art_contr = ArticleController(current_user.id)
nb_articles = art_contr.read().count()
nb_unread_articles = art_contr.read(readed=False).count()
- return render_template('management.html', user=g.user,
+ return render_template('management.html', user=current_user,
nb_feeds=nb_feeds, nb_articles=nb_articles,
nb_unread_articles=nb_unread_articles)
@@ -69,13 +69,13 @@ def profile():
"""
Edit the profile of the currently logged user.
"""
- user_contr = UserController(g.user.id)
- user = user_contr.get(id=g.user.id)
+ user_contr = UserController(current_user.id)
+ user = user_contr.get(id=current_user.id)
form = ProfileForm()
if request.method == 'POST':
if form.validate():
- user_contr.update({'id': g.user.id},
+ user_contr.update({'id': current_user.id},
{'nickname': form.nickname.data,
'email': form.email.data,
'password': form.password.data,
@@ -98,7 +98,7 @@ def delete_account():
"""
Delete the account of the user (with all its data).
"""
- UserController(g.user.id).delete(g.user.id)
+ UserController(current_user.id).delete(current_user.id)
flash(gettext('Your account has been deleted.'), 'success')
return redirect(url_for('login'))
diff --git a/src/web/views/views.py b/src/web/views/views.py
index b31322eb..b23a41a1 100644
--- a/src/web/views/views.py
+++ b/src/web/views/views.py
@@ -1,422 +1,46 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -*-
-
-# jarr - A Web based news aggregator.
-# Copyright (C) 2010-2016 Cédric Bonhomme - https://www.cedricbonhomme.org
-#
-# For more information : https://github.com/JARR-aggregator/JARR
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-__author__ = "Cedric Bonhomme"
-__version__ = "$Revision: 5.3 $"
-__date__ = "$Date: 2010/01/29 $"
-__revision__ = "$Date: 2014/08/27 $"
-__copyright__ = "Copyright (c) Cedric Bonhomme"
-__license__ = "AGPLv3"
-
-import os
import logging
-import datetime
-
-from bootstrap import application as app, db
-from flask import render_template, request, flash, session, \
- url_for, redirect, g, current_app, make_response
-from flask.ext.login import LoginManager, login_user, logout_user, \
- login_required, current_user, AnonymousUserMixin
-from flask.ext.principal import Principal, Identity, AnonymousIdentity, \
- identity_changed, identity_loaded, Permission,\
- RoleNeed, UserNeed
+from flask import (request, render_template, flash,
+ url_for, redirect, current_app)
from flask.ext.babel import gettext
-from sqlalchemy.exc import IntegrityError
-from werkzeug import generate_password_hash
-import conf
-from web.lib.utils import redirect_url
-from web import utils, notifications, export
+from conf import API_ROOT
from web.lib.view_utils import etag_match
-from web.models import User, Article, Role
-from web.forms import SignupForm, SigninForm
-
-from web.controllers import UserController, FeedController, \
- ArticleController, CategoryController
-
-
-Principal(app)
-# Create a permission with a single Need, in this case a RoleNeed.
-admin_permission = Permission(RoleNeed('admin'))
-
-login_manager = LoginManager()
-login_manager.init_app(app)
-login_manager.login_message = gettext('Authentication required.')
-login_manager.login_message_category = "info"
-login_manager.login_view = 'login'
logger = logging.getLogger(__name__)
-#
-# Management of the user's session.
-#
-@identity_loaded.connect_via(app)
-def on_identity_loaded(sender, identity):
- # Set the identity user object
- identity.user = current_user
-
- # Add the UserNeed to the identity
- if hasattr(current_user, 'id'):
- identity.provides.add(UserNeed(current_user.id))
-
- # Assuming the User model has a list of roles, update the
- # identity with the roles that the user provides
- if hasattr(current_user, 'roles'):
- for role in current_user.roles:
- identity.provides.add(RoleNeed(role.name))
-
-
-@app.before_request
-def before_request():
- g.user = current_user
- if g.user.is_authenticated:
- g.user.last_seen = datetime.datetime.utcnow()
- db.session.add(g.user)
- db.session.commit()
-
-
-@login_manager.user_loader
-def load_user(id):
- # Return an instance of the User model
- return UserController().get(id=id)
-
-
-#
-# Custom error pages.
-#
-@app.errorhandler(401)
-def authentication_required(e):
+@current_app.errorhandler(401)
+def authentication_required(error):
+ if API_ROOT in request.url:
+ return error
flash(gettext('Authentication required.'), 'info')
return redirect(url_for('login'))
-@app.errorhandler(403)
-def authentication_failed(e):
+@current_app.errorhandler(403)
+def authentication_failed(error):
+ if API_ROOT in request.url:
+ return error
flash(gettext('Forbidden.'), 'danger')
return redirect(url_for('login'))
-@app.errorhandler(404)
-def page_not_found(e):
+@current_app.errorhandler(404)
+def page_not_found(error):
return render_template('errors/404.html'), 404
-@app.errorhandler(500)
-def internal_server_error(e):
+@current_app.errorhandler(500)
+def internal_server_error(error):
return render_template('errors/500.html'), 500
-@g.babel.localeselector
-def get_locale():
- """
- Called before each request to give us a chance to choose
- the language to use when producing its response.
- """
- return request.accept_languages.best_match(conf.LANGUAGES.keys())
-
-
-@g.babel.timezoneselector
-def get_timezone():
- try:
- return conf.TIME_ZONE[get_locale()]
- except:
- return conf.TIME_ZONE["en"]
-
-
-#
-# Views.
-#
-@app.route('/login', methods=['GET', 'POST'])
-def login():
- """
- Log in view.
- """
- if g.user is not None and g.user.is_authenticated:
- return redirect(url_for('home'))
- g.user = AnonymousUserMixin()
- form = SigninForm()
- if form.validate_on_submit():
- user = UserController().get(email=form.email.data)
- login_user(user)
- g.user = user
- session['email'] = form.email.data
- identity_changed.send(current_app._get_current_object(),
- identity=Identity(user.id))
- return form.redirect('home')
- return render_template('login.html', form=form)
-
-
-@app.route('/logout')
-@login_required
-def logout():
- """
- Log out view. Removes the user information from the session.
- """
- session.pop('email', None)
-
- # Remove the user information from the session
- logout_user()
-
- # Remove session keys set by Flask-Principal
- for key in ('identity.name', 'identity.auth_type'):
- session.pop(key, None)
-
- # Tell Flask-Principal the user is anonymous
- identity_changed.send(current_app._get_current_object(),
- identity=AnonymousIdentity())
-
- flash(gettext("Logged out successfully."), 'success')
- return redirect(url_for('login'))
-
-
-@app.route('/signup', methods=['GET', 'POST'])
-def signup():
- """
- Signup page.
- """
- if int(os.environ.get("SELF_REGISTRATION", 0)) != 1:
- flash(gettext("Self-registration is disabled."), 'warning')
- return redirect(url_for('home'))
- if g.user is not None and g.user.is_authenticated:
- return redirect(url_for('home'))
+@current_app.errorhandler(AssertionError)
+def handle_sqlalchemy_assertion_error(error):
+ return error.args[0], 400
- form = SignupForm()
- if form.validate_on_submit():
- role_user = Role.query.filter(Role.name == "user").first()
- user = User(nickname=form.nickname.data,
- email=form.email.data,
- pwdhash=generate_password_hash(form.password.data))
- user.roles = [role_user]
- db.session.add(user)
- try:
- db.session.commit()
- except IntegrityError:
- flash(gettext('Email already used.'), 'warning')
- return render_template('signup.html', form=form)
-
- # Send the confirmation email
- try:
- notifications.new_account_notification(user)
- except Exception as error:
- flash(gettext('Problem while sending activation email: %(error)s',
- error=error), 'danger')
- return redirect(url_for('home'))
-
- flash(gettext('Your account has been created. '
- 'Check your mail to confirm it.'), 'success')
- return redirect(url_for('home'))
-
- return render_template('signup.html', form=form)
-
-
-from calendar import timegm
-from flask import jsonify
-
-
-@app.route('/')
-@login_required
-@etag_match
-def home():
- return render_template('home.html', cdn=conf.CDN_ADDRESS)
-
-
-@app.route('/menu')
-@login_required
-def get_menu():
- categories_order = [0]
- categories = {0: {'name': 'No category', 'id': 0}}
- for cat in CategoryController(g.user.id).read().order_by('name'):
- categories_order.append(cat.id)
- categories[cat.id] = cat.dump()
- unread = ArticleController(g.user.id).count_by_feed(readed=False)
- for cat_id in categories:
- categories[cat_id]['unread'] = 0
- categories[cat_id]['feeds'] = []
- feeds = {feed.id: feed.dump() for feed in FeedController(g.user.id).read()}
- for feed_id, feed in feeds.items():
- feed['created_stamp'] = timegm(feed['created_date'].timetuple()) * 1000
- feed['last_stamp'] = timegm(feed['last_retrieved'].timetuple()) * 1000
- feed['category_id'] = feed['category_id'] or 0
- feed['unread'] = unread.get(feed['id'], 0)
- if not feed['filters']:
- feed['filters'] = []
- if feed.get('icon_url'):
- feed['icon_url'] = url_for('icon.icon', url=feed['icon_url'])
- categories[feed['category_id']]['unread'] += feed['unread']
- categories[feed['category_id']]['feeds'].append(feed_id)
- return jsonify(**{'feeds': feeds, 'categories': categories,
- 'categories_order': categories_order,
- 'crawling_method': conf.CRAWLING_METHOD,
- 'max_error': conf.DEFAULT_MAX_ERROR,
- 'error_threshold': conf.ERROR_THRESHOLD,
- 'is_admin': g.user.is_admin(),
- 'all_unread_count': sum(unread.values())})
-
-
-def _get_filters(in_dict):
- filters = {}
- query = in_dict.get('query')
- if query:
- search_title = in_dict.get('search_title') == 'true'
- search_content = in_dict.get('search_content') == 'true'
- if search_title:
- filters['title__ilike'] = "%%%s%%" % query
- if search_content:
- filters['content__ilike'] = "%%%s%%" % query
- if len(filters) == 0:
- filters['title__ilike'] = "%%%s%%" % query
- if len(filters) > 1:
- filters = {"__or__": filters}
- if in_dict.get('filter') == 'unread':
- filters['readed'] = False
- elif in_dict.get('filter') == 'liked':
- filters['like'] = True
- filter_type = in_dict.get('filter_type')
- if filter_type in {'feed_id', 'category_id'} and in_dict.get('filter_id'):
- filters[filter_type] = int(in_dict['filter_id']) or None
- return filters
-
-
-def _articles_to_json(articles, fd_hash=None):
- return jsonify(**{'articles': [{'title': art.title, 'liked': art.like,
- 'read': art.readed, 'article_id': art.id, 'selected': False,
- 'feed_id': art.feed_id, 'category_id': art.category_id or 0,
- 'feed_title': fd_hash[art.feed_id]['title'] if fd_hash else None,
- 'icon_url': fd_hash[art.feed_id]['icon_url'] if fd_hash else None,
- 'date': art.date, 'timestamp': timegm(art.date.timetuple()) * 1000}
- for art in articles.limit(1000)]})
-
-
-@app.route('/middle_panel')
-@login_required
-def get_middle_panel():
- filters = _get_filters(request.args)
- art_contr = ArticleController(g.user.id)
- fd_hash = {feed.id: {'title': feed.title,
- 'icon_url': url_for('icon.icon', url=feed.icon_url)
- if feed.icon_url else None}
- for feed in FeedController(g.user.id).read()}
- articles = art_contr.read(**filters).order_by(Article.date.desc())
- return _articles_to_json(articles, fd_hash)
-
-
-@app.route('/getart/<int:article_id>')
-@login_required
-def get_article(article_id):
- contr = ArticleController(g.user.id)
- article = contr.get(id=article_id).dump()
- if not article['readed']:
- contr.update({'id': article_id}, {'readed': True})
- article['category_id'] = article['category_id'] or 0
- feed = FeedController(g.user.id).get(id=article['feed_id'])
- article['icon_url'] = url_for('icon.icon', url=feed.icon_url) \
- if feed.icon_url else None
- return jsonify(**article)
-
-
-@app.route('/mark_all_as_read', methods=['PUT'])
-@login_required
-def mark_all_as_read():
- filters, acontr = _get_filters(request.json), ArticleController(g.user.id)
- articles = _articles_to_json(acontr.read(**filters))
- acontr.update(filters, {'readed': True})
- return articles
-
-
-@app.route('/fetch', methods=['GET'])
-@app.route('/fetch/<int:feed_id>', methods=['GET'])
-@login_required
-def fetch(feed_id=None):
- """
- Triggers the download of news.
- News are downloaded in a separated process, mandatory for Heroku.
- """
- if conf.CRAWLING_METHOD == "classic" \
- and (not conf.ON_HEROKU or g.user.is_admin()):
- utils.fetch(g.user.id, feed_id)
- flash(gettext("Downloading articles..."), "info")
- else:
- flash(gettext("The manual retrieving of news is only available " +
- "for administrator, on the Heroku platform."), "info")
- return redirect(redirect_url())
-
-
-@app.route('/about', methods=['GET'])
+@current_app.route('/about', methods=['GET'])
@etag_match
def about():
- """
- 'About' page.
- """
return render_template('about.html')
-
-
-@app.route('/export', methods=['GET'])
-@login_required
-def export_articles():
- """
- Export all articles to HTML or JSON.
- """
- user = UserController(g.user.id).get(id=g.user.id)
- if request.args.get('format') == "HTML":
- # Export to HTML
- try:
- archive_file, archive_file_name = export.export_html(user)
- except:
- flash(gettext("Error when exporting articles."), 'danger')
- return redirect(redirect_url())
- response = make_response(archive_file)
- response.headers['Content-Type'] = 'application/x-compressed'
- response.headers['Content-Disposition'] = 'attachment; filename=%s' \
- % archive_file_name
- elif request.args.get('format') == "JSON":
- # Export to JSON
- try:
- json_result = export.export_json(user)
- except:
- flash(gettext("Error when exporting articles."), 'danger')
- return redirect(redirect_url())
- response = make_response(json_result)
- response.mimetype = 'application/json'
- response.headers["Content-Disposition"] \
- = 'attachment; filename=account.json'
- else:
- flash(gettext('Export format not supported.'), 'warning')
- return redirect(redirect_url())
- return response
-
-
-@app.route('/export_opml', methods=['GET'])
-@login_required
-def export_opml():
- """
- Export all feeds to OPML.
- """
- user = UserController(g.user.id).get(id=g.user.id)
- categories = {cat.id: cat.dump()
- for cat in CategoryController(g.user.id).read()}
- response = make_response(render_template('opml.xml', user=user,
- categories=categories,
- now=datetime.datetime.now()))
- response.headers['Content-Type'] = 'application/xml'
- response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml'
- return response
bgstack15